Security News > 2021 > December > Minecraft rushes out patch for critical Log4j vulnerability
Swedish video game developer Mojang Studios has released an emergency Minecraft security update to address a critical bug in the Apache Log4j Java logging library used by the game's Java Edition client and multiplayer servers.
The vulnerability is fixed with the release of Minecraft: Java Edition 1.18.1, which is now rolling out to all customers.
To upgrade to the patched version, those using Mojang's official game client are advised to close all running game and Minecraft Launcher instances and restart the Launcher to install the patch automatically.
Gamers who use modified Minecraft clients and third-party launchers should reach out to their third-party providers for a security update.
The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is a remote code execution flaw found in the ubiquitous Apache Log4j Java-based logging library and reported by Alibaba Cloud's security team.
Apache has already released Log4j 2.15.0 to address this maximum severity vulnerability.
News URL
Related news
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion CWE-502 critical | 10.0 |