Mojang releases new patch for open-ended sandbox game that addresses major vulnerability.
Swedish developer Mojang has released a new patch for open-ended sandbox game Minecraft that fixes "security issues" and more. The patch appears to be in response to a blog post last night from Pakistan-based coder Ammar Askar, wherein he outlined a major security exploit that he said Mojang had failed to address for almost two years.
"We have released a new version of Minecraft 1.8, called 1.8.4, which is now available for download in your launcher," Mojang said on its website. "This release fixes a few reported security issues, in addition to some other minor bug fixes & performance tweaks."
The update is optional. But Mojang said it is "still highly recommended" that players update to 1.8.4 right away.
Some of the notable fixes, courtesy of Mojang, are listed below.
- [Bug MC-46771] – Pets follow spectator
- [Bug MC-61758] – Vines no longer spread correctly in corners
- [Bug MC-68642] – Certain characters cannot be typed on certain keyboard layouts ("AltGr" behaving like "Ctrl")
- [Bug MC-73504] – Nether portals place players in front of the portal
- [Bug MC-78495] – Duplicating items
- [Bug MC-79079] – Malicious clients can force a server to freeze
- [Bug MC-79612] – Malicious clients can force a server to go out memory
- [Bug MC-78020] – User (formerly known as olduser) has joined shows multiple times
Developer Nathan Adams alluded to Askar's blog post in his one tweet earlier today.
In his blog post, which was first reported on by Ars Technica, Askar explained how anyone could--rather easily--crash a server hosting Minecraft. He even released a proof-of-concept video demonstrating how it works. Askar said he privately wrote to Mojang about this issue in July 2013. But he never heard back, and just this week decided to publish his findings in an effort to bring more attention to the issue. It worked.