Hackers are actively exploiting a ‘BleedingPipe’ remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.

  • 2xsaiko
    link
    fedilink
    English
    111 year ago

    I wish newer Java versions would disable object streams by default. They’re such a horrible feature and should never be used. Especially over the network.

  • @zurvan2
    link
    English
    41 year ago

    Bear in mind these are very old versions of minecraft. Mods on these versions are still somewhat popular in a dedicated group, but these won’t be a problem for a typical minecraft player.

    • style99
      link
      fedilink
      51 year ago

      That said, EnderIO in 1.12 is probably still fairly popular. It would be a good idea for server admins and players who use that mod in particular to look into this.