HackDig : Dig high-quality web security articles for hacker

Mojang Updates Minecraft to Patch Server Crash Vulnerability

2015-04-17 12:40

Mojang Patches Bug After Exploit Is Made Public

After seeing that Minecraft developers failed to address a serious security bug he reported nearly two years ago, a Pakistani programmer has decided to release an exploit for the vulnerability. Minecraft developer Mojang released a new version of the game on Friday to address the issue.

In the summer of 2013, while analyzing the “network internals” of the popular game Minecraft,

Ammar Askar

discovered a vulnerability that could be exploited to cause a server to crash by sending it malformed packets.Minecraft exploit published

The expert reported his findings to Mojang, which Microsoft acquired in September 2014 for $2.5 billion. Askar provided the company with details on the flaw, along with a proof-of-concept demonstrating his findings.

The researcher says he attempted to contact the company several times over the next three months to learn about the status of a patch, but Mojang ignored most of his emails. The developer released two major versions of the game since being informed of the vulnerability, but none of them addressed the issue.

On Thursday, Askar decided to make his proof-of-concept (PoC) exploit public to force the company to take action.

“I thought a lot before writing this post, on the one hand I don’t want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act upon it,” the expert wrote in a blog post. “Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time.”

The vulnerability, which allows malicious clients to force the server to run out of memory, affects Minecraft 1.8.3 and previous versions. Mojang addressed the vulnerability on Friday morning with the release of Minecraft 1.8.4, which also fixes other security flaws, minor bugs, and performance issues. Mojang advises gamers to update to the latest version as soon as possible.

In an update to his initial blog post, Askar said he probably should have given Mojang a final notice before releasing his exploit. It turns out that the developer had attempted to patch the vulnerability, but their fix wasn’t effective against the expert’s PoC.


Source: arc-revres-hctap-tfarcenim-setadpu-gnajom/IahWWVvIXjo/3~/keewytiruceS/r~/moc.elgoog.yxorpdeef

Read:2113 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

“Mojang Updates Minecraft to Patch Server Crash Vulnerability”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud