Minecraft: Java Edition should be patched immediately after severe exploit discovered across web

A far-reaching zero-day security vulnerability has been discovered that could allow for remote code execution by nefarious actors on a server, and which could impact heaps of online applications, including Minecraft: Java Edition, Steam, Twitter, and many more if left unchecked.

The exploit ID’d as CVE-2021-44228, which is marked as 9.8 on the severity scale by Red Hat but is fresh enough that it’s still awaiting analysis by NVD. It sits within the widely-used Apache Log4j Java-based logging library, and the danger lies in how it enables a user to run code on a server—potentially taking over complete control without proper access or authority, through the use of log messages.



Source link