News Security Hole in Minecraft Mods Lets Hackers Execute Code Remotely

[Admin]

Bleeding Pipe vulnerability allows remote code to run. Here's what you can do to protect yourself.

Security Hole in Minecraft Mods Lets Hackers Execute Code Remotely : Read more

 

[Falkreon]

The name "bleeding pipe" or "bleeding-pipe" or "pipebleed" is a complete misnomer; bleed attacks retrieve data. That is not what's going on here, it's a ACE attack (yes, very similar to the log4j attack). This is also not Minecraft-specific, this is a problem with Java SE which has been mentioned as a security vulnerability since 2015. Its actual name is Mad Gadget, and calling it pipebleed will just cause more problems.

 

[LabRat 891]

Funny.
My Dad over 2 decades ago would 'freak out' over this very possibility when I first started playing Multiplayer games.

Also funny, is that this isn't an issue with the App or the content, it's a Java-related problem. Meaning, even a friggin Sat/Cable TV STB is potentially at risk.

The popularity of this particular Java application, just makes it a bigger target.

 

[RichardtST]

Yeah, this has existed forever. ObjectInputStream only partially works and unreliably at that. Especially for larger objects. Slow news day when you've got to dig up Java bugs...