For those who are not hosting Minecraft Java Edition on their own servers, they will need to close all running instances of the game and the Minecraft Launcher. The statement adds that the exploit has been “addressed with all versions of the game client patched,” but users will still need to take additional steps to secure the game and their servers. The Java Edition allows crossplay between Windows, macOS, and Linux for Minecraft players. Minecraft in a statement said that the Minecraft Java Edition is impacted and it poses a risk of the computer getting compromised.
Most of the companies are yet to issue a statement.
LunaSec also notes that simply changing an iPhone’s name was triggering the vulnerability in Apple’s servers. On Github, the companies impacted listed as Apple, Tencent, Steam, Twitter, Baidu, DIDI, JD, NetEase, CloudFlare, Amazon, Tesla, Google, Webex, LinkedIn, etc. Other open-source projects such as Paper are also issuing patches to fix the problem, adds the blog.
Microsoft’s Minecraft has already issued a statement on how users can update the game to avoid the issue. Who all are impacted by Log4j?Īccording to cybersecurity firm LunaSec, many services are vulnerable to the Log4Shell exploit, including gaming service Steam, Apple’s iCloud, etc.
The technical definition in the CVE library states that “An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.” The worrisome part here is that the exploit has likely been used by hackers to gain access to certain computer systems, and now that the exploit is in the open, companies will have to patch it soon.Īccording to reports, the problem appears to have been patched for everyone on Log4j 2.15.0 and above as the behaviour has been disabled by default. Read more | Critical flaw in crypto wallets on NFT marketplace OpenSea discovered: Check Point Security