Log4j - Security vulnerability, beware

Hey everyone.

You may or may not know, but today there has been an exploit associated with Log4j, which is literally setting the internet on fire.

Log4j, as you guessed it, is a very popular logging system used by iCloud, Steam, Minecraft Java and many more popular programs and applications. However, today, a serious exploit was associated with Log4j.

This worried a lot of companies because it made it very easy for people to make remote executions on servers.

One of the first companies to spot this new exploit was Mojang, developer of Minecraft. This was detected in Minecraft: Java Edition as it uses Log4j, and they issued a security warning. If you have not yet upgraded to 1.18.1 to fix this, do not enter any multiplayer server at all! Please read this post and consider next steps to secure Minecraft Java.
https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

Keep in mind, this is being tracked on the CVE as well.
https://www.cve.org/CVERecord?id=CVE-2021-44228

PCMag has also made a news blog on it.

With that said, please be extremely careful at the moment as this is the most dangerous exploit at the moment. If you have any questions or comments, please reply below.

3 Likes

Thank you for spreading this valuable warning.

2 Likes

I saw this, it’s a pretty big deal.

1 Like

UPDATE

Log4j is now patched, according to the Apache Foundation, but hackers are still scanning the entire internet for vulnerable devices. Based on research, I suppose exploiters are scanning the internet 100 times per minute.

I recommend full scanning your Windows PC if you have one. Yesterday I scanned mine and it found some vulnerability; thankfully now it’s fully secured.

Great, I appreciate you coming out here and making this a publicly aware issue.

1 Like

I would grant a badge, but you already have them all. :upside_down_face:

1 Like

It’s surprising how such a major gap in security was just overlooked like that.

Also, if you know anybody vulnerable to these attacks, let them know. These attacks are most dangerous for young people or old people.

A really annoying thing is that the exploit had been around for years.

The Chinese security group, Alibaba Cloud Security, noticed the vulnerability all the way back in November and privately messaged the Log4Shell team.

The Log4Shell team should have reacted faster to this…

Ikr… you know Flamingo? (mrflimflam) played Minecraft in 1.18 on multiplayer on his video… “NEW MINECRAFT UPDATE” so, I wonder what will happen to him… @Noah @RealOH20 @cam

His PC could have been at a very high risk if he didn’t update to 1.18.1 or if someone else in that same server typed in a certain chat message to overtake his PC.

He didn’t upgrade to 1.18.1. Luckily I didn’t play Minecraft for a month, so I didn’t play 1.18. Only 1.18.1 and 1.17.1, so am I fine? @RealOH20

If you own Minecraft: Bedrock Edition like I do, you are completely fine. If you own Minecraft: Java Edition and you are not hosting a server then simply restart the Minecraft Launcher and it will auto-patch the bug.

I only play single player, so I think I’m good. @RealOH20

This is still ongoing, this could take years until the Log4j vulnerability is patched. It’s certainly one of the worst internet vulnerabilities in history.

Wow, that’s not great. I can’t believe that the Log4j vulnerability was caused due to a not needed permission.