Hackers exploit BleedingPipe RCE to target Minecraft servers, players

Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
BleedingPipe is a vulnerability found in many Minecraft mods caused by the incorrect use of deserialization in the 'ObjectInputStream' class in Java to exchange network packets between servers and clients.
In short, the attackers send specially crafted network packets to vulnerable Minecraft mod servers to take over the servers.
The threat actors can then use those hacked servers to exploit the flaws in the same Minecraft mods used by players that connect to the server, allowing them to install malware on those devices as well.
In a new report, researchers from a Minecraft security community found that the flaw impacts many Minecraft mods running on 1.7.10/1.12.2 Forge, which uses unsafe deserialization code.
MMPA says a threat actor is actively scanning for Minecraft servers on the internet that are impacted by this flaw to conduct attacks, so fixing any vulnerable mods installed on servers is essential.