Mojang has issued an update for the PC version of Minecraft after a coder detailed an easy-to-manipulate vulnerability that allowed players to crash servers.

1

Pakistan-based developer Ammar Askar openly showcased the method via his blog last night after nearly two years of waiting for developer Mojang to respond (thanks, Ars Technica).

Askar first discovered the exploit back in July 2013, and promptly contacted Mojang so the studio could patch it out.

It took until a second message for Mojang to acknowledge his message, but the bug remained unfixed.

Askar gave up on contacting Mojang after sending two more messages. Now, nearly two years later, he decided the only way to draw attention to the issue was to reveal it openly and hope that Mojang would be forced to respond.

"The version of the game when the vulnerability was reported was 1.6.2, the game is now on version 1.8.3," he wrote.

"That's right, two major versions and dozens of minor versions and a critical vulnerability that allows you to crash any server, and starve the actual machines of CPU and memory was allowed to exist.

The exploit works by flooding the game's servers with information about a particular inventory slot. Askar discovered that it was easy to create code that the game struggled to understand - to the point where the server would crash.

Since revealing the issue, Mojang has since been in touch and has finally published a fix.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (10)

About the author

Tom Phillips

Tom Phillips

News Editor

Tom is Eurogamer's news editor. He writes lots of news, some of the puns and all the stealth Destiny articles.

More articles by Tom Phillips

Comments (10)

Comments for this article are now closed, but please feel free to continue chatting on the forum!

Hide low-scoring comments
Order
Threading

Related