Minecraft has been existed for some time. It's a good creative outlet for all kinds of entertainment and educational experiences. But with that, problems can occur. In particular, there was a feat found in the game that can make the players vulnerable.
This feat has been identified as CVE-2021-44228 and is known to be a remote code execution. This means that Java-based Apache Log4j Apache Log4J library can take control of other people's computers without the appropriate authority, simply using log messages on the server. In particular, Minecraft: Java Edition is vulnerable to this new method of online attack. And this feat is quite dangerous, not just for Minecraft. It seems that Amazon, Twitter, Apple and many other online service providers are very vulnerable to this feat. Indeed, although Java is not really used for users, business applications like those mentioned above always use Java. But Steam is apparently well, because they have already corrected this problem.
All is not lost with regard to Minecraft, fortunately. Whether playing or hosting a server, it is possible to protect yourself. If you use Apache, it is possible to simply opt for the last update to correct the vulnerability; The same thing for Moving, if that's what is used. Even those who do not want to upgrade or can not, for various reasons, delete the class JNDILOKUP of the class path or set Log4J2. FormatMsGnolookups on True.
There is already a rush to solve this problem, which is a good thing. But if users do not remain vigilant, it could become a problem that will happen in the weeks or even the following months. In the current state of things, security companies are afraid that vulnerability has already been exploited.
If you think you have been attacked in Minecraft with this feat, it is strongly suggested to report it with a receipt ticket.
Look too
Comments
Post a Comment