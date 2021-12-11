A serious security problem was discovered in Log4j, a popular and widely used message log library created under the Java programming language and that, among other platforms and systems, affects Minecraft.

This vulnerability (named CVE-2021-44228) has been classified as severe, since according to the CVE (Common Vulnerabilities and Exposures) organization registry, “an attacker who can control messages or registry parameters can also execute arbitrary code that is loaded from another server ”.

As explained by the cybersecurity body of the New Zealand government, the vulnerability affects any program, service or system that uses the Log4j library in all versions between 2.0 and 2.14.1. Worse still, it also indicates that there are reports that malicious actors are trying to exploit this vulnerability and it is likely not for the very correct purposes.

At the time of publishing this article, Apache had already released a first fix. The recommendation is, for those who use Log4j on their systems, update to version 2.15.0.

Now, this is a serious problem that will mainly affect large companies that use it in their systems. Among others, it has been mentioned that Apple, Twitter, Steam and Amazon are with an open security flank and that they will have to correct as soon as they can.

But the case of Minecraft It is somewhat more complex, being one of the best-selling video games in history. Minecraft uses Log4j in its Java-based version and, fortunately, Mojang has already released an update that avoids the problem. In addition, they ask all users who play on the computer with the Java version to update as soon as possible.

Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition. The issue is patched, but please follow these steps to secure your game client and / or servers. Please RT to amplify.https: //t.co/4Ji8nsvpHf & mdash; Minecraft (@Minecraft) December 10, 2021

It is still too early to know what the real scope of this vulnerability will be, which has many security experts on edge.

