A bug discovered in Log4j, a popular Java-based logging package, is now shaking up the online world. Anyone able to exploit it can effectively take over the affected system with full administrative privileges.
Researchers have seen active exploitation of this bug online, which is especially worrying since a number of major services, including Apple, Minecraft and Steam, use the package. A patch has been made available, but systems remain at risk until administrators update their servers.
An Easily Exploitable Security Vulnerability
A researcher named Chen Zhaojun from the Alibaba Cloud Security team found a critical security vulnerability in Log4j that is now indirectly putting millions of users worldwide at risk. Log4j is a popular Java-based logging package used by most tech companies in their day-to-day operations.
Developed by the Apache Software Foundation, Log4j logs user-controlled strings, a common practice among sysadmins for spotting potential platform abuse. All versions of the package from 2.0-beta-9 through 2.14.1 are vulnerable to the bug, tracked as CVE-2021-44228.
Mass scanning activity detected from multiple hosts checking for servers using Apache Log4j (Java logging library) vulnerable to remote code execution (https://t.co/GgksMUlf94).
Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs. #threatintel
— Bad Packets (@bad_packets) December 10, 2021
The situation is all the more severe because a proof-of-concept exploit has already been published online, and threat actors are actively using it against whatever services they can think of. Log4j is used in everyday operations by many popular companies, including Apple, Minecraft and Steam.
Though a patch has been made available (in version 2.15.0), many services have yet to apply it. Anyone using Apache Struts is also deemed vulnerable to attacks. The exploit is so simple that, researchers said, merely changing an iPhone’s name can trigger the bug on Apple’s remote servers.
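As a defender's first check against the version range given above, here is an added Python example (not code from the article or from the Log4j project) that parses Log4j version strings, including pre-release tags such as 2.0-beta9, and flags log4j-core jars whose version lies in the affected range 2.0-beta-9 through 2.14.1, i.e. anything below the 2.15.0 fix. The sample jar names are constructed for the demonstration.

```python
import re
from pathlib import Path

# Affected range as stated in the advisory: 2.0-beta-9 through 2.14.1, fixed in 2.15.0.
# Pre-release stages sort before the final release of the same version number.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)-?(\d+))?$")
CORE_JAR_RE = re.compile(r"^log4j-core-(.+)\.jar$")


def version_key(version: str) -> tuple:
    """Turn '2.0-beta9', '2.0-beta-9', '2.0-rc1' or '2.14.1' into a sortable tuple."""
    match = VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unrecognised Log4j version string: {version!r}")
    major, minor, patch, stage, stage_num = match.groups()
    return (int(major), int(minor), int(patch or 0), STAGE_RANK[stage], int(stage_num or 0))


FIRST_AFFECTED = version_key("2.0-beta9")
FIRST_FIXED = version_key("2.15.0")


def is_affected(version: str) -> bool:
    """True when the version falls inside the range named for CVE-2021-44228."""
    return FIRST_AFFECTED <= version_key(version) < FIRST_FIXED


def classify_jars(paths):
    """Return (path, version, affected) for every log4j-core jar among the paths.

    Other jars (log4j-api, application code, ...) are ignored; the version
    range in the advisory is checked against the log4j-core artifact.
    """
    results = []
    for path in paths:
        match = CORE_JAR_RE.match(Path(path).name)
        if match:
            version = match.group(1)
            results.append((str(path), version, is_affected(version)))
    return results


def scan_tree(root):
    """Walk a directory tree (e.g. an application's lib folder) for log4j-core jars."""
    return classify_jars(Path(root).rglob("log4j-core-*.jar"))


# Constructed sample file names, not taken from a real deployment.
SAMPLE_JARS = [
    "app/lib/log4j-core-2.14.1.jar",
    "app/lib/log4j-core-2.15.0.jar",
    "legacy/log4j-core-2.0-beta9.jar",
    "legacy/log4j-core-2.0-beta8.jar",
    "app/lib/log4j-api-2.14.1.jar",
]

if __name__ == "__main__":
    for path, version, affected in classify_jars(SAMPLE_JARS):
        print(f"{'AFFECTED' if affected else 'ok      '} {version:<12} {path}")
```

Running `scan_tree("/opt/myapp")` performs the same classification over real jar files; a vendored or shaded copy of log4j-core inside a fat jar is not found by file name alone.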
In response to this RCE bug, New Zealand’s National Computer Emergency Response Team has issued a security advisory confirming the active abuse of this exploit online. This was also confirmed by Cloudflare, Kevin Beaumont, a renowned security researcher, and the Coalition Director of Engineering.