We have released a special patch today on Badlion Client across all Minecraft versions to fix an exploit recently discovered due to a 3rd party library.

We will always make sure our users are safe! ?

For more details about this exploit see here: https://t.co/iLokj3pBgr

— Badlion Client (@BadlionClient) December 10, 2021

URGENT: if you're using log4j in your applications for logging, you need to update it. There's a remote code execution bug in it.

GitHub labeled the vulnerability as “critical severity”https://t.co/uZTyW47Aju via @vice

— Rey Bango (@reybango) December 10, 2021

CERT NZ has released an advisory on a Java vulnerability. Reports from online users show that this is being actively exploited and that proof-of-concept code has been published. https://t.co/7OelaN4aas

— CERT NZ (@CERTNZ) December 10, 2021

This log4j RCE is a great example of how software complexity can cause very bad unintended consequences. Literally every Java project in the world uses log4j. https://t.co/OahRazbuQO

— Mike Perham (@getajobmike) December 10, 2021

A few hours ago, a 0-day RCE exploit was discovered in the logging library log4j. You may not have heard of it, but it's everywhere.

Per @LunaSecIO: "Many, many services are vulnerable".

They include Steam, Apple iCloud, Minecraft, and others.https://t.co/QavDOnDUCp

— Malwarebytes (@Malwarebytes) December 10, 2021

Let me save you a bunch of clicks:

PoC: https://t.co/yShp4iRTxJ
Patch: https://t.co/rVSq2EZfoT
Technical breakdown: https://t.co/QWRkh6rk4y
Systems confirmed vulnerable: https://t.co/Fe2K7vwcV2 pic.twitter.com/9YlNzB1uEF

— Catalin Cimpanu (@campuscodi) December 10, 2021

New: Several major websites and apps on the internet are vulnerable to a bug that is reportedly very easy to exploit.

Researchers say Minecraft, iCloud, CloudFlare, Twitter, and many more are impacted. https://t.co/ogaW5nTpZ3

— Lorenzo Franceschi-Bicchierai (@lorenzofb) December 10, 2021

A Simple Exploit is Exposing the Biggest Apps on the Internet https://t.co/K8016s6r88
via @VICE @pierrepinna @dalithsteiger @appthisway @enrirosasdiaz @LostInDigit @Corix_JC @Xbond49 @Victoryabro #CyberSecurity #Apps #IoT #Cloud #BigData #EdgeComputing pic.twitter.com/j1pfNHGr2N

— Dr. Robin Kiera (@stratorob) December 10, 2021

Minecraft, iCloud, Twitter, Cloudflare, and Steam are reportedly vulnerable to a powerful bug that could allow hackers to take control of their servers and clients, according to several security researchers. https://t.co/PYfpao1sCl

— Motherboard (@motherboard) December 10, 2021

On Thursday, it was discovered that several popular websites, apps, and services are vulnerable to a powerful bug that could allow hackers to take control of their servers and clients. https://t.co/QuXDVeZG6N

— VICE (@VICE) December 10, 2021

The Log4j zero-day (tracked as CVE-2021-44228, or #Log4Shell) has received an official security fix just as scans for vulnerable systems are ramping uphttps://t.co/fa3grtVU5b pic.twitter.com/QHw7EzWSOC

— Catalin Cimpanu (@campuscodi) December 10, 2021

Log4j zero-day gets security fix just as scans for vulnerable systems ramp up https://t.co/OFAjCxjS3i

— piyokango (@piyokango) December 10, 2021

?This is a huge risk to your perimeter and product security #log4shell:
➡️CVE-2021-44228
➡️CVSS 10 - CRITICAL

Check your SCA, you very likely have this #0day somewhere in your product code, and or in your perimeterhttps://t.co/JQXnY1sVjp https://t.co/k2MAydeiMV

— ?mmanuel Chavoya (@FullM3talPacket) December 10, 2021

Log4j zero-day gets security fix just as scans for vulnerable systems ramp up https://t.co/IBZpSuwi9P

— Charity Wright 雷倩 (she/her) (@CharityW4CTI) December 10, 2021

マインクラフトがApacheLog4jの脆弱性に対応して、緊急Updateをリリースしています。他のゲーム開発会社なども、この脆弱性に対する影響がないかをチェックする必要があるかも知れません。

「MinecraftはLog4jの重大な脆弱性に対するパッチを急いで出します」https://t.co/5Z1aq9ls4Y

— キタきつね (@foxbook) December 10, 2021

Minecraft rushes out patch for critical Log4j vulnerability https://t.co/u2Ks18Jq5Y

— The Cyber Security Hub™ (@TheCyberSecHub) December 10, 2021

Iv'e created Gist with exploitation detection ideas and rules

I'll update this gist frequently#log4j #log4jrce CVE-2021-44228https://t.co/vlAR6aFbUl pic.twitter.com/E0K7b9vNck

— Florian Roth ⚡️ (@cyb3rops) December 10, 2021

Resources for Log4j vuln. Reply here with more.

- Overview by @LunaSecIO: https://t.co/4oMCSkvUKd

- Vulnerable Hashes by @mubix: https://t.co/u0yGrCIts2

- IP’s Exploiting by @GreyNoiseIO: https://t.co/9z8N9wK4j4

- Detection Rules by @cyb3rops: https://t.co/io52zB6JHB

— Frank McGovern (@FrankMcG) December 10, 2021

Some #logjam #Log4Shell resources:
ips actively exploiting: https://t.co/FAlOUyr39J
Proof of Concept: https://t.co/J6Pb1H4qyF
git advisory: https://t.co/dcR8ciNzia
yara rules for detection: https://t.co/HafeowIiQs
greynoise activity viz : https://t.co/RmfDb7BIBA#0day #zeroday

— Ben Smash (@B3n_5mash) December 10, 2021

Also useful @cyb3rops and Co. https://t.co/MjAVRonngW

— Mark (@sneakymonk3y) December 10, 2021

I've created this gist as a scratchpad on which I can improve the commands over the course of the dayhttps://t.co/vlAR6aFbUl

— Florian Roth ⚡️ (@cyb3rops) December 10, 2021

Upgrade ASAP to protect yourself from the #RCE vulnerability, CVE-2021-44228, affecting Apache Log4j. Read more at https://t.co/Cx6dPwwdmG #ZeroDay #Cybersecurity #InfoSec

— US-CERT (@USCERT_gov) December 10, 2021

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitationhttps://t.co/272WvtH1dX

— Recon InfoSec (@Recon_InfoSec) December 10, 2021

CISA Advisory on CVE-2021-44228https://t.co/0Al2d8mYHP

— Andrew Morris (@Andrew___Morris) December 10, 2021

The #Log4J vulnerability is the worst Internet-wide vulnerability since #Shellshock. @Cloudflare has updated our WAF and Zero Trust solutions to protect our customers. https://t.co/hpnrPBvOko

— Matthew Prince ? (@eastdakota) December 10, 2021

Customers using the Cloudflare WAF can leverage three just deployed rules to help mitigate any exploit attempts:https://t.co/UYvkqMCD3x#log4j #Cloudflare

— Adam Janiš (@adam_janis) December 10, 2021

More details here https://t.co/VeeQf0qxhN

— Dane Knecht (@dok2001) December 10, 2021

We've pushed out WAF Managed Rules to block the malicious requests: https://t.co/KPhW7gRoot. We're continuing to monitor and update them as needed.

— Patrick Donahue (@prdonahue) December 10, 2021

i see all the major WAF platform rushing out fixes - @Cloudflare just publicly posted on their rules update https://t.co/czMYH6fTmb and i suspect others are in progress too.

Yeah this is an issue. But my .02 is network based security can mitigate the risk.

— Sean Kerner (@TechJournalist) December 10, 2021