I was about to log in an anarchy server but I went outside to take some air and it saved my computer.

Update all your apps and devices NOW!! It’s not just Minecraft and servers. The Log4j RCE vulnerability affected nearly every service that used this Java library. You could do the same exploit by changing your iPhone’s name, thru the login page on Twitter, and even by changing the name of your Tesla car (seriously). This vulnerability is being actively exploited, and companies are rushing out updates to prevent it. Again, it’s not just MC and servers. I work at a software company and we had quite a scare. Update all your apps and devices ASAP. (Reposting because this comment got deleted for some reason)

My dad was actually notified and had a emergency meeting when this happened (he works in cyber risk), he told me it was about minecraft, I though that it was pretty weird then, but forgot about it in an instant. Now that I see how dangerous this actually was I feel really dumb.

Would just like to note that it's NOT required to have java 8 to have this exploit fixed. Mojang has pushed out updates for all versions. If you are a server owner/mod developer etc. you do need to take action though. Mojang has made a statement on their website which everyone should read.

I use lunar client, and I'm pretty sure they were one of the first clients to patch the exploit. Insane how fast they were to do it too

Gonna give some more info 1. Mojang has pushed a fix for all vanilla versions of the game. If you run vanilla you're fine 2. Forge, Fabric, Paper, Lunar, and Badlion all have patched the issue, and individual mods are (most likely) unaffected. 3. This bug affects ALL java programs that use log4j on the specific versions that the bug works on. Which is a lot. Because log4j is one of the most popular logging libraries. 4. Java 8 isn't required for the fix 5. Versions below 1.7 (why are you even playing on these versions) are completely unaffected in any way.

So that's why when I started my launcher recently after a while both Java and my launcher prompted me with "necessary safety update" written in red. Damn I'm happy I did both and didn't ignore them

Just to be clear, a 0-day can also be a vulnerability the developers do not yet know about - and this is perhaps the more common use of the term. But it of course also includes vulnerabilities that are known but have not received a patch.

There are sooo many examples of websites doing this, you’d have thought that major developers would not do this

Fun fact: Users of MultiMC were NEVER at risk. it uses the most up-to-date version of the logger regardless and prevents arbitrary code from launching in the first place via instances even legacy versions are safe like 1.5.2 or 1.0.

I remember watching a Tom Scott video similar to this issue. He explained how on some websites you could set a certain string of characters as your username and it would cause, if my memory serves, a database wipe of that website.

"i remember it like it was yesterday, because it was" comedy gold

The Vanilla Launcher also already sent out a patch for all versions from 1.12 and onwards. Good thing I always use java versions newer then 8, like 11 and 17

1:30 It didn't spread, it wasn't just Paper servers, it was all MC servers since they all inherently use the Log4J library. Same with all those other companies, it wasn't a virus spreading, just the same exploit being used on different software/services.

I feel so bad for the kids who got traumatized after someone forced them to visit an 18+ site

Thank you so much for explaining this exploit as I didn't understand what this was and what would it had done.

The rick roll potential is unlimited

Just imagine playing 2b2t during this period, i cant imagine the chaos there

In early 2020, you could impersonate people using a session ID exploit. Things could be wiped in seconds, but this 2021 exploit went as far as hacking your computer. This is actually scary as doing nothing wrong can mess up your whole device. I'm glad Mojang patched this as soon as they could. Very informative 10-minute video :)

me using bedrock edition: haha my competitor has a massive security issue

It’s very fun seeing you calmly battle someone else in pvp while explaining this stuff

A small correction for this otherwise very accesable video on the exploid: With the 1.17 update, Minecraft forces you to use Java 16 as it uses the new G1GC algorithm. For 1.18 Minecraft will activally search for an Java 17 installation. Java 17 has a partial fix for the LOG4j exploid and thus updating to this version of Java will give u some extra protection against these attacks

I'm glad that no hacker rick rolled the entire minecraft community

currently binge watching all ur vids edit: for the 4th time

This happened to me yesterday. I was playing 1.8 on hypixel and my computer literally turned off randomly and wouldn't turn back on (all the cables were still in) and then when it did finally turn on it was on this code screen. Luckily I managed to take control of the computer and it's fine now

Alternative Title: The Chat Message That KILLED Minecraft and soon the whole internet

4:15 Family Guy season 7 only has 16 episodes. The 337th episode of Family Guy overall is season 18 episode 8 "Shanksgiving". 7:49 also Gumibär is literally pronounced like "gummy bear". The ä makes a sound almost exactly like the "ea" in "bear".

great video aidan! I was debating making a tutorial on this but decided it was way too wacky to do

I am an owner of a small server on minehut, I was away on vacation when this happened. Luckily from what I know my players are ok. This is one of the worst hacks to happen to a game, up there with the DDoS attack on roblox a couple weeks ago.

Your video quality is just the best. Keep it up, and you will easily hit a million in a few months if you expand your content

Crazy how this stuff can just happen like this also subbed!

1:08 i also thought that it was just chaos and panicking , until i read a random reddit thread explaining how bad it really was...

I'm actually kinda happy I had a pretty back headache while this was going on since I'd probably forget abt this and just keep joining servers lol. Anyway really good video! :)

I was going to join some random server but I then went to just watch some television. Doing that really saved my location.

I'm so glad that my minecraft stopped working a little while ago and I'm still working on fixing it, I could have been in grave danger if that didn't happen

"I remember like it was yesterday... ...because it was yesterday" got me lol

I thought this was going to be a documentary on the terrible gamer terminology "ez" 😥😥

This was quite something. I play on Purity Vanilla a lot and the entire thing had to be shut down.

A zero day is when nobody knows about the exploit until it was used this wasn't a zero day and minecraft was definitely not the first target. When RCE is discovered you go after far more than just people playing minecraft.

Hey thanks, I thought I heard something about a launcher argument but when I went online try and find it all I could find was something you add to servers.. Thanks! 💜

log4j must be the largest back door exploit in history, mark my words

I was playing on a 1.8.9 anarchy server today and a guy joined. He started asking what clients we were all using and I told him I was using lunar. At the time I thought he was just being friendly but then a few minutes later he started typing the log4j command. At first I didn't think anything of it but then I realised what he was typing and I instantly left as I wasn't sure whether lunar had patched it or not

Thank you for informing us!! Great video

Level 69 on hypixel, credit music artist, good thumbnail, good explain and good gameplay. This is what i wanted :D

This is movie material. Amazing video, deserves to go viral ❤️

I was at school and my class always watched news for free time, one of them showed how there is a bug in almost everywhere electronic and hackers are using that bug to hack people. It also showed some guy having fun on an obstacle course

2:06 i swear, Java developers can be SO LAZY sometimes. its insane

Been waiting for the video talking about this exploit. I appreciate this, MCBYT, thank you!

Let’s gooooo mcbyt upload

I have been going CRAZY hoping I dont get hacked. Thank you so much dude

my code developer brain is going to rot after hearing him call github as 'jithub' lmao, but other then that, I really enjoyed this video! new sub from me :P

entity 303 would've been drooling with malicious intent to hack and slash, makin a doomguy coffee meme face too lmao

Thanks for explaining this to us. Now I will be careful with chat playing Minecraft and watch for that message that will show up

I'm glad I was asleep during this whole thing, great vid Aidan!

"Everyone's at risk." Does that include the IRS?

THANK YOU SO MUCH!!! I love the explaining and everything, and thanks for letting me kno2 about the exploit! glad i now know im safe

Malicious hackers/exploiters would be far less common if they weren't poor, weren't bored or didn't have a bad social situation. Instead of fighting sickness, fight more what may cause it. Instead of fighting crime, fight more against its roots. It works and we would have to address security less, but we would still have to address it.

My 2007 Dell Inspiron runs Windows 11 without bugs, has its hardware almost maxed out, boots in 5 seconds! if you got one don't throw it away! Unlike Macs, these have been supported kind of officially for 15 years and it's not even the end!

This exploit was created by mojang trying to get people to play the newest version LMAO

Omg i was waiting for someone to make a vid on this!

There is no way someone isnt using this to rickroll people

i remember when this happened, I got pinged at least 69 times telling me to NOT play on any servers. I got really scared, because i was literally on a server when it happened.

I rarely play on servers so I'm pretty sure im safe. Did this exploit in 4J work on all OS?

I heard about this instant it happened. Never understood it. thx for the vid

is this happening on bedrock/windows 10 edition and will it go over to single player cause thats what im worried about if it does

"And for a while, nobody was safe, until they downloaded Raid Shadow Legends the sponsor for today's video."

Claim your "I was here early" ticket here

I love your style of video documentaries! Very entertaining

Thank you for making that video! I am using fabric client mods on a vanilla server that I own, what should I do?(Also nice background footage, next time put some less cool videos of you so it isn’t easy to get distracted.)

That Dell Inspiron PC you showed was literally the same PC my family used to have

really doing good, everytime I come back to your channel you just be doing better. Congrats

Holy shit 0_0... Great video man

as someone who was effected by this glitch, PLEASE UPDATE. this happened to be back in august, but I was lucky enough for the attacker to not steal any of my info (that I know of). All the attacker did to me was destroy windows (I assume from deleting system 32). it took me 20 mins to load windows after putting my pin in, and my desktop and everything was wiped, I ended up having to reset my pc and lost all my data. so please take all the necessary steps to avoid this bug

The effort you put Into your videos are Insane

thank you for making this video! i am going to put a link to this in my discord server to get the word out

0:43 thats a funni number

"When your hardware predates the Gummy _Bar_ song"

I didn't hear about this all, sounds absolutely f*cking great.

I havent been able to play java for 4 days because i was scared they would steal my account or hack my pc this was really helpful ily so much thx for the vid

me who plays by my self: hahaha i am incredibly lonely

I’ve never had to reinstall windows on my GAMING PC so far.

i love how people do/can do powerful things over/on a cube simulator for children

I actually rickrolled the entire P2W server using log4j and it dropped the playerbase by 20% lol

"DDoS" means _Distributed_ Denial of Service. So at 5:15, it is a _DoS,_ Denial of Service.

“I remember it like it was yesterday.. Because it was.” LOL

I haven’t been playing Minecraft for a while(or games overall) so this is nice to know I should stay off

Thanks for the great video! my friend told me about this a day or two ago and im glad to have some more detailed information on it.

also about this exploit, the good part is that it did not affect 2b2t that much, although everyone would expect it went wrong there due to nature of the server. However, one person used that exploit to patch the exploit lol, before anything malicious could be used on the server, and as hausemaster really failed to protect people from the exploit at this time, after some downtime.

I was using Java 8 and my server still suffered this exploit, but it appears you can completely block offending chat messages by using log4j's filtering capabilities.

3:51 well... that's surprising. i guess i could have played used my pre-1.17 anarchy client the whole time and only IP addresses and location would have been taken from me

this was a big thing, i thankfully have not been affected yet...

Yet another reason why VPN's are ESSENTIAL & it's evil that servers try to block them. I always have a VPN on 24/7!

Great video! Going to be interesting this week to hear what companies were breached.

This is the guy at the world trade center frantically warning everyone about the important documents that are at risk. It's a touch bigger than that. Minecraft isn't the only program that uses Java and losing account details should be the least of your worries.

cool that you are spreading this info(bit late tho), but there are a few things you said that are not correct or would prolly need a bit more added to them to be 100% correct props for even doing such thing

Thank fuck I always use an up-to-date java executable instead of the one pre-packaged with minecraft (and also I haven't played minecraft online in two and a half years so that probably helps as well)

good thing recently i’ve been obsessed with shaders again playing survival

Moral : Don't underestimate a Chat Message !! Lol 😂

This happened right when I started 2b2t not knowing it existed.

Its awesome that you visited Bedwars Practice ! 😯