Minecraft
News > Sandbox > Minecraft
World

Minecraft: Java Edition patched following security exploit discovery

Minecraft players were alerted to a security exploit discovered in the Minecraft: Java Edition that could put their PCs, game clients and servers at risk. Developer Mojang has detailed several ways players can secure their game clients and servers from the exploit.
Minecraft: Java Edition patched following security exploit discovery
Minecraft developer, Mojang, discovered a threatening Log4j exploit that could allow malicious attackers to use a remote code within the servers, affecting all affiliated services and applications, including Steam and Twitter and more. This vulnerability has affected Minecraft: Java Edition as it poses a huge risk of your PC being compromised.

The developer released an official statement on Twitter that while the issue has been resolved, Minecraft players need to take the necessary steps to better secure the game client as well as the servers.

How to secure the Minecraft game client?

If players aren’t hosting their servers, instead are playing Minecraft: Java Edition, the following steps need to be taken to secure the game client. All Java edition players need to shut down the game as well as the Minecraft Launcher before restarting it. The patch will then automatically download before players can jump back into the game.

How to secure modded clients and third-party launchers?

While the Minecraft Launcher may automatically update, the same can’t be said for modded and third-party clients. Players will need to refer to their provider for any news and updates on what steps to take.

If the providers have yet to update their client or launcher or have yet to confirm whether their services are safe to use again, players will be at risk using their services. As such, they should not use them until the vulnerability has been resolved.

minecraft minecraft security exploit minecraft security exploit modded versions minecraft security exploit third-party launchers
Minecraft players are instructed to update the game's client to protect their PC from the exploit. (Picture: Mojang)

How to secure the Minecraft game servers?

Those who host their Minecraft servers will undertake different steps to ensure that their servers are safe to play on and prevent other players from being at risk to the vulnerability.

The steps detailed below need to be followed to ensure that players can safely protect their PC and servers from this malicious exploit which version of Minecraft: Java Edition they’re running.

  • v1.18: Players will need to upgrade this version to 1.18.1 if available. If players can’t upgrade, they will need to refer to the steps for v1.17 to secure their servers and their PC.
  • v1.17: Players will need to input the following JVM arguments in the startup command: -Dlog4j2.formatMsgNoLookups=true
  • v1.12-v1.16.5: Players need to install this file to the directory from which the server runs. Next, input these JVM arguments in the startup command: -Dlog4j.configurationFile=log4j2_112-116.xml
  • v1.7-v1.11.2: Similar to the steps outlined for v1.12-v1.16.5, a file needs to be installed to the directory before inputting these JVM arguments in the startup command: -Dlog4j.configurationFile=log4j2_17-111.xml
minecraft minecraft security exploit minecraft security exploit game servers
Mojang has stated that Java Editions below v1.7 aren't affected by the latest security exploit. (Picture: Mojang)

Developers have revealed that Java edition players with versions below 1.7 aren’t affected by this exploit. However, they will provide players with more updates on this ongoing issue once more information is readily available. Therefore, we will update this article with the latest developments and updates on this Minecraft security exploit.

Don’t forget to check out our dedicated Minecraft section for the latest news, updates, guides, leaks and more.

Featured image courtesy of Mojang.