Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
I wish newer Java versions would disable object streams by default. They're such a horrible feature and should never be used. Especially over the network.
Bear in mind these are very old versions of minecraft. Mods on these versions are still somewhat popular in a dedicated group, but these won't be a problem for a typical minecraft player.
That said, EnderIO in 1.12 is probably still fairly popular. It would be a good idea for server admins and players who use that mod in particular to look into this.