Logging Library Used by Millions of Apps Has a Serious Vulnerability
A vulnerability known as Log4Shell, found in the open-source logging library Log4j, leaves millions of devices vulnerable to attacks. The Verge points out that applications and services keep track of every event during their operation, which lets them analyse how the program is performing and determine what went wrong when there are mistakes. Log4j is a popular and widely used logging library, and even popular cloud services like Steam and iCloud, as well as applications like Amazon, Twitter and Minecraft, are reportedly vulnerable to attacks that exploit Log4Shell.
According to Ars Technica, it was first discovered after Minecraft websites started reporting an issue that allowed hackers to execute malicious code in the game. It was soon apparent that the problem doesn't affect only Minecraft. Marcus Hutchins, a security researcher who stopped the spread of the WannaCry malware, identified the vulnerability as "extremely serious" because millions of applications use Log4j for logging.
Malicious actors could exploit it to remotely execute programs on servers, directing them to download and execute malware that could compromise companies' and people's data. It is also quite easy to exploit and could be triggered by posting messages. Hutchins said that in the case of Minecraft the attackers were able to execute code remotely by posting a message in the chatbox. In an article on its blog, the app security firm LunaSec said triggering the vulnerability in Apple's servers is as easy as changing the iPhone's name.
Log4j has already released an update for the vulnerability, and affected services like Minecraft and Cloudflare have already issued patches to safeguard users. Anyone running their own network that uses Log4j may also want to update their systems as soon as they are able.