Ability to run minecraft mod It has become one of his best assets, but in recent days he has become the fuel for many nightmares. And it’s all thanks to a Minecraft exploit christened as BleedingPipewhich affects the Java version of the game and makes your PC and game servers in an easy way to login to hackers with malicious intent.
One of the controversial issues regarding security has always been applications that function like a small operating system, in the sense that programs can run in them. Components from a long time ago ActiveX were viral nest through Internet Explorer. Years later, and despite the fact that security has improved, the concept was carried over to webkit, the engine that powers many web browsers. It brings life in Web applications and modern complex web pages, but also create malicious applications or which are used to make them run in the background. However, the case video game mods He is different, but no less dangerous.
Minecraft mods let you execute malicious code
This affects the Java version for PCs and servers., though no console versions are known at this time. However, from the moment you stop depending on Java virtual machine, they don’t seem to be affected by the problem. And that’s what BleedingPipenamed after the Minecraft Malware Prevention Alliance benefits from java deserialization as a basis for infecting users’ PCs and servers. After all, it’s just new problem security associated with minecraft mod.
The question became popular when recently the streamer yo-yopo5 He streamed a Minecraft game with mods. In the middle of this, a user with malicious intent used minecraft exploit BleedingPipe to gain remote control over each player’s computers. which allowed him rob them
stored information in browsers, discord and even in Steam each of the PCs.
How it works?
The Minecraft BleedingPipe exploit works very simply. It takes advantage of one of the common Java library classes required to perform the base function. When we serialize a filewhat are we doing order information, so that he is prepared for stored in memory or transmittedeither from memory to storage or over the network.
For this, what is being done is to convert the data to a string, usually bytes that, although they contain all the information, due to the way it is represented, cannot be executed as program instructions. In this case, when it comes to Java, this is where the class comes into play. ObjectInputStreamwhich accomplishes this task, but at the same time ensure regression. That is, it is responsible for converting this string into information that can be executed. Problem? That as soon as he gets the code, he puts it to work without any verification.
Which Minecraft mods are the most vulnerable?
Well, not a few suffered from Minecraft BleedingPipe Exploit namely, especially those Minecraft modifications that belong to versions 1.7.10 and 1.12.2 modpacks. Although in general we cannot trust ourselves, since the problem is that since the security hole benefits from the way one of the base classes works common java librarybecause in theory all versions of Minecraft for PC are affected.
However, this is not the end of Minecraft, nor is it a problem that cannot be fixed. Especially since the general Java library classes are usually examples and can be easily modified. Be that as it may, and while a final decision is pending, it is recommended look in minecraft catalog using tools like JSus or JNeedle.