Mojang, the company behind the popular Minecraft game has announced that it has fixed a security issue which exploited a loophole causing the game servers to crash. A security researcher by name Ammar Askar observed that the exploit allows any attacker to send malformed packets that causes servers to crash by exhausting its memory. The response from the game creator – Mojang was unsatisfactory. Despite the vulnerability was responsibly and privately disclosed to the Minecraft team, there were no actions taken by the company – which made the researcher to make the exploit public.
Minecraft Vulnerabilities fixed
Mojang wrote in its blog that it has released a new version of Minecraft 1.8, called 1.8.4, is now available for download in the launcher. This particular release by Mojang fixes some of the reported security issues, in addition to minor bug fixes and related performance tweaks.
The updated version is fully compatible with previous 1.8 versions and Mojang recommends that it is still highly recommended to update to 1.8.4 as soon as possible.
Nathan Adams, one of the Mojang Team members tweeted,
That exploit posted last night is fixed in 1.8.4, but so are other (arguably worse) exploits. Be sure to update!
Along with this update, Mojang has also done some Notable fixes which was revealed in their blog :
- Fix which addresses a game action where Pets follow spectator
- Vines no longer spread correctly in corners
- Certain characters cannot be typed on certain keyboard layouts (“AltGr” behaving like “Ctrl”)
- Nether portals place players in front of the portal
- Duplicating items
- Malicious clients can force a server to freeze
- Malicious clients can force a server to go out memory
- User (formerly known as olduser) has joined shows multiple times
Better late than never, Mojang has finally come up with this security update solving the exploitable game server crash issue.