Hackers exploit BleedingPipe RCE to target Minecraft servers, players

Technology@lemmy.world – 73 points – 1 years ago

Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.

I wish newer Java versions would disable object streams by default. They're such a horrible feature and should never be used. Especially over the network.

Bear in mind these are very old versions of minecraft. Mods on these versions are still somewhat popular in a dedicated group, but these won't be a problem for a typical minecraft player.

That said, EnderIO in 1.12 is probably still fairly popular. It would be a good idea for server admins and players who use that mod in particular to look into this.