Log4Shell is a huge Java vulnerability that has companies around the world spending Friday afternoons trying to fix it. Minecraft is one of those Java-using programs.
LunaSec reports that the vulnerability was found in log4j. This open-source logging library is used by many apps and services on the internet including Minecraft servers, Steam and iCloud.
Marcus Hutchins is a well-known security researcher who stated, “Millions upon millions of applications use Log4j to log, and all an attacker has to do it get the app to log some special string.”
The exploit was already being used by attackers in the Minecraft case, with several servers already taken offline. To trigger the vulnerability, attackers need only to send chat messages. Minecraft’s team says that this vulnerability could lead to your computer being compromised.
The official Minecraft website provides a checklist of steps to ensure your Minecraft server is secure.
Although an update to log4j has been released, there are many Java-using applications, so it will take some time before everyone gets the update. Because it’s so easy to exploit, this vulnerability is extremely dangerous. To protect yourself against these and other threats, ensure that your computer is always up-to-date.