Sometimes hackers, coders, programmers make a hobby out of finding faults in security measures. Well, there was a server stability issue in Minecraft involving an inventory information exploit and it's finally been fixed... after two years.
Eurogamer has a brief rundown of the events, which originally started two years ago and involved Pakistani developer Ammar Askar.
Askar was tinkering around with Minecraft when he found a server exploit that allowed users could flood the servers using an inventory coding bug. Askar tried multiple times to contact Mojang about the issue, but he was ignored by the development studio.
Askar wrote about the problem on his blog. Here's a snippet:
The version of the game when the vulnerability was reported was 1.6.2, the game is now on version 1.8.3.That's right, two major versions and dozens of minor versions and a critical vulnerability that allows you to crash any server, and starve the actual machines of CPU and memory was allowed to exist.
After two years of attempting to get Mojang's attention, Askar took things into his own hands by revealing the exploit publicly.
With the exploit going public, Mojang was forced to address the issue in Minecraft. Over on the official Mojang website, the company issued a quick fix on April 17th to address the bug. According to the patch notes, bug MC-79079 (which "can force a server to freeze”) and bug MC-79612 (which “can force a server to go out memory”) have both been fixed.
Here's how Mojang describes the patch:
This release fixes a few reported security issues, in addition to some other minor bug fixes & performance tweaks.This version is fully compatible with all previous 1.8 versions, but it is still highly recommend to update to 1.8.4 as soon as possible.
Some gamers are speculating that Mojang quickly addressed the issue because Microsoft purchased the company late last year. Microsoft is definitely concerned about security issues and someone having access to an easy Minecraft exploit is bad for business.
It's nice that Askar tried multiple times to get Mojang's attention to fix the issue in Minecraft, as opposed to selling the exploit to DDoS groups who could have used the opportunity to permanently cripple Minecraft.
So far, Minecraft hasn't been one of those games that regularly makes it into the news regarding hackers, botnet attacks, or DDoS spamming. That's actually a really good thing for the folks at Mojang.
As it stands, this story has a happy ending. Askar managed to find an exploit, and after two years of attempting to get Mojang's attention, he finally managed to convince them to fix the exploit. Now gamers can continue enjoying Minecraft, and Mojang can go back to doing whatever it is Microsoft has them doing.
