Security News > 2021 > December > Minecraft rushes out patch for critical Log4j vulnerability
Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.
The vulnerability is fixed with the release of Minecraft: Java Edition 1.18.1, which is now rolling out to all customers.
To upgrade to the patched version, those using Mojang's official game client are advised to close all running game and Minecraft Launcher instances and restart the Launcher to install the patch automatically.
Gamers who use modified Minecraft clients and third-party launchers should reach out to their third-party providers for a security update.
The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is a remote code execution flaw found in the ubiquitous Apache Log4j Java-based logging library and reported by Alibaba Cloud's security team.
Apache has already released Log4j 2.15.0 to address this maximum severity vulnerability.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |