Yesterday we reported that a security researcher named Ammar Askar discovered an exploit in Minecraft’s code which could allow anyone with skill to hack into the servers at Mojang and shut them down easily. He found it two years ago and repeatedly reported it to Mojang hoping it would be fixed, but he was ignored. Basically, there was a weakness in how their Minecraft-running server compiles and decompresses data, and if it’s overloaded, the server could run out of memory and crash.
Yesterday Askar took the drastic measure of posting full instructions on how to activate the bug on his GitHub page. He figured if anything could light the fire under Mojang it would be that, and it seems to have worked. A new upgrade for Minecraft suddenly appeared today, and among other bug fixes, Askar’s is listed:
- [Bug MC-46771] – Pets follow spectator
- [Bug MC-61758] – Vines no longer spread correctly in corners
- [Bug MC-68642] – Certain characters cannot be typed on certain keyboard layouts (“AltGr” behaving like “Ctrl”)
- [Bug MC-73504] – Nether portals place players in front of the portal
- [Bug MC-78495] – Duplicating items
- [Bug MC-79079] – Malicious clients can force a server to freeze
- [Bug MC-79612] – Malicious clients can force a server to go out memory
- [Bug MC-78020] – User (formerly known as olduser) has joined shows multiple times
As Mojang put it, “We have released a new version of Minecraft 1.8, called 1.8.4, which is now available for download in your launcher. This release fixes a few reported security issues, in addition to some other minor bug fixes & performance tweaks.” They said the upgrade was optional but it was “highly recommended” that it be installed.
Developer Nathan Adams also mentioned in a Tweet that there were actually worse exploits than that one which he found, which have also been patched now.
You must be logged in to post a comment Login