How Can I Protect Myself Against this Vulnerability?

Since they can execute any code they want on a target system, the possibilities are endless. While there are just a relatively small number of attacks targeting this vulnerability in the wild, because of the significance of the vulnerability, it is extremely dangerous to play with the unpatched mods currently.

Attackers have already attempted (and succeeded in some cases) to gain access to Microsoft tokens and browser session data. There was already a similar vulnerability in the past called "Mad Gadget".

The vulnerability is caused by unsafe usage of the Java serialization feature in network packets sent by servers to clients or clients to servers, which allows instantiating any Java class that is loaded in the Minecraft instance.

We initially attempted to thoroughly and responsibly investigate the issue in order to publish a write-up and completely fix the vulnerability, but since a group named MMPA just published a blog post about the issue while omitting many crucial details about the vulnerability, we were forced to release a statement and attempt to fix the issue right away since they were currently putting millions of modded Minecraft users at risk.

Unsafe Deserialization Vulnerability in Many Minecraft Mods

A few weeks ago, a critical vulnerability allowing arbitrary remote code execution on clients and servers (and therefore all connected clients on a server) was discovered in many Minecraft mods.