The vulnerability is in Log4j, an open-source logging library used by many apps and services across the internet, including Minecraft servers, Steam, and iCloud, according to LunaSec.
Marcus Hutchins, a well-known security researcher, said, “Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string.”
— Marcus Hutchins (@MalwareTechBlog) December 10, 2021
In the case of Minecraft, attackers have already been actively using the exploit, and several servers were already taken offline. The attackers only need to post chat messages to trigger the vulnerability. According to Minecraft’s team, “This vulnerability poses a potential risk of your computer being compromised.”
If you run a Minecraft server, the game’s official website has a list of steps you need to take to make sure your server is secure.
An update to the Log4j library has already been released, but a huge number of applications and people use Java, and it will take time before everyone has the update. This vulnerability is dangerous because it is so easy to exploit. As always, make sure everything on your computer is updated to protect yourself from this and other threats.