Vulnerabilities don’t get much worse than cases where typing the right characters into a chat box gives you remote access to the world’s Minecraft servers. Whoops.
It’s been termed the worst hack in history, primarily by those seeking cheap clicks, but still…it’s not good. The CVE is rated a 10.0.
The vulnerability will “haunt the Internet for years” (according to some). The reason is that it’s not a front-line or top-stack component but rather something that’s bolted-on as needed at various places in the Java ecosystem. The problem is identifying where it’s in use – your own code, vendor products, open source dependencies, etc.
Interestingly, this may give a boost to those demanding a “software bill of materials”. You can’t buy a piece of industrial equipment without being told all the hazardous materials involved, etc., so why not receive a similar safety list when buying software?
Patches for this vulnerability are already available. The typical LowEndBox reader is less likely to be running a lot of Java…but it does show up in places like Minecraft and also most enterprisey software. Just update already.
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- LowEndBoxTV: Are All Hetzner Locations Alike?No!And Piotr Has the Proof: “This is Clearly Not the Same Processor” - November 22, 2024
- One Week From Tomorrow…THE WORLD WILL LOSE THEIR MINDS!Lines Are Already Forming! - November 21, 2024
- Crunchbits Discontinuing Popular Annual Plans – The Community Mourns! - November 20, 2024
Leave a Reply