An "extremely bad" Log4Shell exploit was spotted giving hackers an easy way to execute code on machines with the vulnerability. With that, security teams and companies both big and small are all trying to patch up a recently discovered vulnerability called Log4Shell.
Log4Shell Vulnerability Opens a Door to Hackers
According to the story by The Verge, Log4Shell has the potential to enable hackers to compromise millions of different devices throughout the internet. If exploited, the vulnerability will provide hackers with access to remote code execution on servers remaining vulnerable.
Once a hacker gets in, they can then import malware to do the damage and completely compromise different machines. To expand, the vulnerability was spotted in log4j which is an open-source logging library that is used by apps and services stretching throughout the internet.
Libraries Like Log4j at Risk
Logging is known as the process whereby applications keep a list running of different activities they have performed in order to be reviewed later should an error occur. With that, almost every network security system is using some form of logging process which provides popular libraries like log4j an enormous reach.
A prominent security researcher widely known for stopping the global WannaCry malware attack, Marcus Hutchins, shares his sentiments in a tweet. As per Hutchins, millions of applications make use of Log4j for logging and all the attacker would need to do is to get the app to log some form of "special string."
Minecraft Servers was Where the Vulnerability was Spotted
The exploit was initially spotted on Minecraft servers, as per an earlier article by TechTimes. To add, it was found that hackers could trigger the vulnerability through simply posting chat messages.
GreyNoise, a security analysis company, tweeted out that the company found numerous servers searching the internet for machines that are vulnerable to the newly discovered exploit. To expand, a LunaSec blog post shared that the gaming platform Steam as well as Apple's iCloud had been found to be vulnerable.
Read Also: Microsoft Researchers Revealed They've Used a 'Hide-and-Seek' Method to Train AI to Find Bugs
The Dangers of This Vulnerability Explained
LunaSec is an application security company that found that in order to exploit the vulnerability, attackers have to cause the application to save a certain string of characters in the log. Since applications usually log a wide range of events including messages sent and received by users, the vulnerability can be triggered in a number of ways.
John Graham-Cumming, Cloudflare CTO, shared a statement to The Verge. As per the CTO, this is a very serious vulnerability due to the widespread use of Java as well as the log4j package.
The Cloudflare CTO said that there is a tremendous amount of Java software that is connected to the internet in back-end systems. To add, due to the diversity of applications that are vulnerable to the exploit as well as the range of potential delivery mechanisms, firewall protection alone won't be able to completely eliminate the risk.
Related Article: Android 12 Update | These Symbols Lets You Know if Someone is Watching
This article is owned by Tech Times
Written by Urian B.