Minecraft players are being warned about a significant vulnerability in a number of modded servers, leaving their machines defenceless against hackers.

As reported by Tom’s Hardware, the Minecraft Malware Prevention Alliance (MMPA) notified players over the weekend of this discovery. “BleedingPipe is an exploit being used in the wild allowing FULL remote code execution on clients and servers running popular Minecraft mods on 1.7.10/1.12.2 Forge,” the team explained.

They added that there may be more versions of Minecraft that could be at risk of the exploit and suggested that players take this warning seriously. The first instance of BleedingPipe appeared in March of last year but the MMPA said that “none have been of this scale in the Minecraft community.”

minecraft mods leave computers open to malware attacks 2
‘Minecraft’ Credit: Mojang Studios

In order to protect peoples’ computers and laptops, Dogboy21 on GitHub – with assistance from a host of other developers – created a patcher that addresses potential vulnerabilities in all known affected mods.

“While there are just a relatively small amount of attacks targeting this vulnerability in the wild, because of the significance of the vulnerability, it is completely dangerous to play with unpatched mods currently,” said Dogboy21.

“Attackers already attempted (and succeeded in some cases) Microsoft access token and browser session steals. But since they can literally execute any code they want on a target system, the possibilities are endless,” they continued.

At the moment, there is a growing list of the affected mods for players’ advisement. Dogboy21 and the rest of the developers specified that they are unable to give “exact version ranges” for the mods, and that the list is not complete owing to the continued efforts to identify vulnerabilities.

See also  ‘Total War: Warhammer 3’ announces sweeping changes to DLC prices

In other gaming news, Super Smash Bros. creator Masahiro Sakurai has said that Nintendo doesn’t have someone lined up who would be able to “simply take the reins” on the series’ direction.



Source