
Minecraft players and those who run Minecraft servers face a new and dangerous security vulnerability that could allow bad actors to execute code remotely on their computers. Dubbed ‘BleedingPipe’ by a user group called MMPA (Minecraft Malware Prevention Alliance), the exploit uses Java deserialization to infect servers or clients that have one of many popular mods installed.
The number of vulnerable Minecraft mods is extensive. A German who goes by Dogboy21 on GitHub has identified three dozen popular mods that have the vulnerability, ranging from AetherCraft to Immersive Armors to ttCore. Dogboy21’s GitHub page also has a patch to fix the problem, which involves getting a new JAR file to put into your mods folder. The MMPA’s blog post lists even more mods that are affected and claims that, specifically, modpacks for versions 1.7.10 and 1.12.2 are the ones that are vulnerable.
BleedingPipe works by taking advantage of a problem with the ObjectInputStream class in Java. A hacker can feed data to the server with code that does something malicious, and then, when the server receives the code and “deserializes” it, that code gets executed on the server side. Similarly, if the server itself is infected, it could feed binary data back to a client (a player) whose PC deserializes it locally and executes the code.
If a threat actor is able to execute code on either the server or client side, the possibilities are nearly endless. They could find ways to exfiltrate your user data and use it for identity theft or could take over your computer and use it for botnet attacks on other systems.
According to the MMPA, a threat actor has scanned all Minecraft servers on the IPv4 address space and may have deployed a malicious payload to them. So, any server running an affected mod could be infected.
BleedingPipe is similar to another recently-discovered exploit within Log4j, a Java logging library. Minecraft.net, an official Microsoft site, has a warning up along with mitigations for the Log4j vulnerability.
MMPA recommends checking for infected files in your .minecraft directory, using a scanner such as JSus or jNeedle. Dogboy21 recommends downloading his patch if you are using any of the mods.