A new and critical security flaw might let malicious actors remotely execute malicious code on the machines of Minecraft users and Minecraft server operators.
The Java deserialization attack, dubbed “BleedingPipe” by a user organisation named MMPA (Minecraft Malware Prevention Alliance), targets servers or clients that have one of several well-known mods loaded.
You are not affected if you don’t use the affected Minecraft mods and don’t play Minecraft on a server that uses one of them.
Many Minecraft mods are vulnerable. AetherCraft, Immersive Armours, and ttCore are just a few of the prominent mods that contain the vulnerability, according to a German computer science student going by the handle Dogboy21 on GitHub.
A patch to resolve the issue is available on Dogboy21’s GitHub page, and it entails downloading a new JAR file to place in your mods folder.
The MMPA’s blog post lists more mods as being susceptible and also states that modpacks for versions 1.7.10 and 1.12.2 are particularly at risk.
BleedingPipe works by taking advantage of a flaw in Java’s ObjectInputStream class.
A hacker may send malicious code along with data to the server, and when the server “deserializes” that data, it runs the malicious code on the server side.
If the server is compromised, it may transmit binary data to a client (a player) whose PC deserializes it locally and runs the malicious code.
The possibilities are almost limitless if a malicious party is able to run code on either the server side or the client side.
They could discover a method to steal your user information and exploit it for identity theft, or they might get control of your computer and use it to launch botnet attacks against other systems.
If you play on other people’s servers, the MMPA advises using a scanner like JSus or jNeedle to check your .minecraft directory for infected files.