Hackers are actively exploiting a ‘BleedingPipe’ remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.

  • 2xsaiko@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I wish newer Java versions would disable object streams by default. They’re such a horrible feature and should never be used. Especially over the network.

  • zurvan2@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Bear in mind these are very old versions of minecraft. Mods on these versions are still somewhat popular in a dedicated group, but these won’t be a problem for a typical minecraft player.

    • style99@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That said, EnderIO in 1.12 is probably still fairly popular. It would be a good idea for server admins and players who use that mod in particular to look into this.