Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/Open linkView original on kbin.social
I wish newer Java versions would disable object streams by default. They're such a horrible feature and should never be used. Especially over the network.
Bear in mind these are very old versions of minecraft. Mods on these versions are still somewhat popular in a dedicated group, but these won't be a problem for a typical minecraft player.
That said, EnderIO in 1.12 is probably still fairly popular. It would be a good idea for server admins and players who use that mod in particular to look into this.