WORD OF MOUTH: Invite your friends to come, discover the platform and the magnificent 3D files shared by the community! Here are 4 solutions accessible to all:ĪDVERTISING: Disable your banner blocker (AdBlock, …) and click on our banner ads.ĪFFILIATION: Make your purchases online by clicking on our affiliate links here Amazon.ĭONATE: If you want, you can make a donation via Ko-Fi □. The game developer has not yet responded to Recorded Future News' request for comment.You like Cults and you want to help us continue the adventure independently? Please note that we are a small team of 3 people, therefore it is very simple to support us to maintain the activity and create future developments. “We recommend that you take this seriously,” researchers said. To protect players’ devices from BleedingPipe, MMPA recommends downloading the latest release of impacted mods from the official Minecraft channels. “We do not know what the contents of the exploit were or if it was used to exploit other clients, although this is very much possible with the exploit,” MMPA said. Yoyoyopo5 reported in his post about the incident that the hacker used this access to pilfer information from web browsers, Discord, and Steam sessions.Īfter the initial reports, researchers discovered that threat actors scanned some Minecraft servers to mass-exploit vulnerable ones, likely deploying a malicious payload onto affected servers. In early July, a Minecraft player who goes by Yoyoyopo5 was hosting a public server with Forge mods, and during a live stream an attacker exploited the BleedingPipe vulnerability to gain control and execute code on all connected players' devices. However, earlier this month BleedingPipe was used by hackers to steal players' Discord and Steam session cookies. Researchers first became aware of this Minecraft exploit in March 2022 and quickly patched it. The number of affected Minecraft mods exceeds three dozen. If not implemented carefully, it can be exploited by attackers and lead to remote code execution.Īccording to MMPA, any version of Minecraft can be affected by the flaw if an impacted mod is installed. The flaw impacts many Minecraft mods mostly running on the popular modding platform Forge, which uses unsafe deserialization code.ĭeserialization is the process of converting complex data from a serialized format back into its original form, which can be easily stored or transmitted. The game is now owned by Microsoft.Īccording to the MMPA, the BleedingPipe bug has already been exploited many times but researchers didn’t specify how many Minecraft players were affected. Minecraft is the best-selling video game in history, with over 238 million copies sold and nearly 140 million monthly active players. Researchers have found a critical security hole in Minecraft mods allowing hackers to run malicious commands on the game’s servers and compromise clients’ devices.ĭubbed BleedingPipe by the Minecraft security community ( MMPA), the vulnerability allows full remote code execution on gamers’ devices and servers running popular Minecraft mods - player-made changes to the game that can add new items, features, or gameplay elements. Bug in Minecraft mods allows hackers to exploit players' devices
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |