A new zero-day vulnerability has been discovered in popular Java logging framework Log4J that affects several things online like popular game Minecraft, Apple?s iCloud, Steam, and more softwares and products that use Java in their code. The vulnerability, tracked as CVE-2021-44228 is quite dangerous as it can be exploited to run any code and requires very low skills for the attacker to exploit.
Many services and applications rely on Log4j, including games like Minecraft, Steam, and Apple iCloud. It is a logging package developed by Apache Software Foundation, and the vulnerability affects all versions between 2.0-beta-9 and version 2.14.1. While Apache has fixed the vulnerability in the most recent update to version 2.15.0, but software makers still need to install it to protect their customers.
ALSO READ: Joker Malware Is Back: Delete These 15 Apps From Your Android Phones Right Now
The exploit, dubbed ?Log4Shell? is an RCE vulnerability that allows for total system takeover. Many services are vulnerable to this exploit as many use Java in their codes and Log4j for logging. ?Anybody using Apache Struts is likely vulnerable. We?ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach,? Cybersecurity firm LunaSec said in a post.
The vulnerability can be triggered by something as small as changing an iPhone name. There is strong evidence that hackers have begun to mass scan the internet for applications in which this vulnerability has yet to be patched. Hence, those who are using Log4j in their software should upgrade it to the latest 2.15 version immediately.
Read all the Latest Tech News here
Comments
0 comment