Mojang releases patch for Minecraft vulnerability that allowed players to freeze the game and crash servers

Fans of popular PC version of Minecraft can now download a new patch starting today. The update fixes several bugs including the one that allows any player to freeze the game or crash it. Mojang revealed that the biggest reason for pushing out today’s new Minecraft update was to address a reproducible security threat that had been made public.

The reproducible security threat was first showcased by Pakistan-based developer Ammar Askar on his blog two days before, after waiting for exactly two years for Mojang to respond. Askar first discovered the vulnerability in July 2013 which allowed him to crash the Minecraft game servers.

Askar promptly contacted Mojang so the studio could patch it out however Mojang only responded once he had sent a second email but to date till the release of the above patch, the bug remained unfixed.

Askar gave up on contacting Mojang after sending two more messages. Now, nearly two years later, he decided the only way to draw attention to the issue was to reveal it openly and hope that Mojang would be forced to respond, which it did promptly today by releasing the patch just after two days of making the bug public.

“The version of the game when the vulnerability was reported was 1.6.2, the game is now on version 1.8.3,” he wrote. “That’s right, two major versions and dozens of minor versions and a critical vulnerability that allows you to crash any server, and starve the actual machines of CPU and memory was allowed to exist.”

The exploit works by flooding the game’s servers with information about a particular inventory slot. Askar discovered that it was easy to create code that the game struggled to understand – to the point where the server would crash.

The bugs fixed in this patch are as follows :

  • Pets follow spectator
  • Vines no longer spread correctly in corners
  • Certain characters cannot be typed on certain keyboard layouts (“AltGr” behaving like “Cltrl”)
  • Nether portals place players in front of the portal
  • Duplicating Items
  • Malicious clients can force a server to freeze
  • Malicious clients can force a server to go out of memory
  • User (formerly known as olduser) has joined shows multiple times

The patch can be downloaded here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here