Security News > 2021 > December > Minecraft rushes out patch for critical Log4j vulnerability
Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.
The vulnerability is fixed with the release of Minecraft: Java Edition 1.18.1, which is now rolling out to all customers.
To upgrade to the patched version, those using Mojang's official game client are advised to close all running game and Minecraft Launcher instances and restart the Launcher to install the patch automatically.
Gamers who use modified Minecraft clients and third-party launchers should reach out to their third-party providers for a security update.
The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is a remote code execution flaw found in the ubiquitous Apache Log4j Java-based logging library and reported by Alibaba Cloud's security team.
Apache has already released Log4j 2.15.0 to address this maximum severity vulnerability.
News URL
Related news
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple critical | 10.0 |