Serious security vulnerability affects Minecraft, iCloud, Steam and pretty much the whole of the internet

A new zero-day vulnerability in the popular Java logging framework Log4j has been discovered which has the potential to affect Minecraft, ...

A new zero-day vulnerability in the popular Java logging framework Log4j has been discovered which has the potential to affect Minecraft, iCloud, Steam and numerous other software products that use Java in their code.

Tracked as CVE-2021-44228, this type of vulnerability is especially dangerous as it can be exploited to run any code and requires very low skills for an attacker to pull off. Since Apache's Log4j is almost ubiquitous in Java applications, immediate action is required by software maintainers who will need to patch it to prevent falling victim to any potential attacks.

To put this vulnerability into context, a similar one was used in the 2017 hack of Equifax which led to the personal data of 149.7m people being exposed online. 

This new exploit could end up being even more dangerous though as Log4j has been widely adopted in most of the Java ecosystem.

Log4j exploit

According to a new blog post from Sonatype, news of the Log4j exploit broke when a vulnerability Proof of Concept (PoC) was published in a GitHub repository and made public.

The vulnerability affects Apache Log4j between versions 2.0 and 2.141 and at the time of writing, there have already been reports of it being successfully exploited on some Java 11 runtimes. Thankfully though, Apache has published a fix to the issue but now software makers will still need to install it to protect their customers.

This vulnerability affects any application that uses Log4j for logging including popular games such as Minecraft where Sonatype has already seen evidence of it being exploited using its built-in chat functionality. Just like with other remote code execution attacks in the past, there is also strong evidence that hackers and other cybercriminals have begun to mass scan the internet for applications in which this vulnerability has yet to be patched.

Organizations using Log4j in their software should upgrade it to the latest 2.15 version immediately which is available from Maven Central.

CTO of Sonatype, Brian Fox provided further insight on the Log4j vulnerability and the potential impact it could have worldwide in an email to TechRadar Pro, saying:

“This new Log4j vulnerability is likely going to be another “flashbulb memory” event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem. The scope of affected applications is comparable to the 2015 commons-collection vulnerability (CVE 2015-7501) because attackers can safely assume targets likely have this on the classpath. The impact is comparable to previous Struts vulnerabilities, like the one that impacted Equifax, because the attacks can be done remotely, anonymously without login credentials, and leads to a remote exploit. The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall.”

We've also featured the best antivirus, best endpoint protection software and best patch management tools



from TechRadar - All the latest technology news https://ift.tt/30ld9Nu
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,189,Video,5,XIAOMI,13,YouTube - 9to5Google,188,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Serious security vulnerability affects Minecraft, iCloud, Steam and pretty much the whole of the internet
Serious security vulnerability affects Minecraft, iCloud, Steam and pretty much the whole of the internet
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/12/serious-security-vulnerability-affects.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/12/serious-security-vulnerability-affects.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy