New Delhi: Several popular services, including Apple iCloud, Amazon, Twitter, Cloudflare and Minecraft, are vulnerable to a “ubiquitous” zero-day exploit, cybersecurity researchers have warned, leaving IT security teams at several companies scrambling to fix the vulnerability, called ‘Log4Shell’.

The “zero-day” exploit (a cyber attack targeting a software vulnerability unknown to software vendors or antivirus vendors) targets a flaw in the widely used Java logging system called “log4j2”.

If exploited, the vulnerability allows remote code execution (RCE) on vulnerable servers, giving hackers the ability to import malware that would completely compromise millions of machines.

“A large number of services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud and apps like Minecraft have already been shown to be vulnerable,” said researchers from application security firm LunaSec.

“Anyone using Apache Struts is likely vulnerable. We have already seen similar vulnerabilities exploited in breaches like the Equifax data breach in 2017,” the researchers noted in a blog post Friday night.

Many open source projects, like the Minecraft server Paper, have already started to patch their use of “log4j2”.

According to a TechCrunch report, companies whose servers have been confirmed to be vulnerable to the “Log4Shell” attack so far include Apple, Amazon, Cloudflare, Twitter, Steam, Baidu, NetEase, Tencent and Elastic, although there are probably hundreds, if not thousands, of other organizations affected.

In a statement, Cloudflare said it has updated its systems to prevent the attacks, adding that it has not seen any evidence of exploitation.

“The Log4j vulnerability is a significant threat for exploitation due to its widespread inclusion in software frameworks, even the NSA’s GHIDRA,” said Robert Joyce, director of cybersecurity at the United States National Security Agency (NSA).

GHIDRA is a free and open source reverse engineering tool developed by the agency.

The New Zealand Computer Emergency Response Team (CERT), Deutsche Telekom’s CERT and the web monitoring service Greynoise have also warned that hackers are actively looking for servers vulnerable to “Log4Shell” attacks.

The Apache Software Foundation also released an emergency security update to address the zero-day vulnerability in ‘log4j’.

