A bug discovered in a popular Java-based logging package – Log4j is now shaking up the online world. Anyone who’s able to exploit it can effectively take over the system with all admin privileges.
Researchers saw active exploitation of this bug online, and it’s really worrying since a number of major services like Apple, Minecraft, Steam, etc use it. A patch for it was made available, but it’s threatening until the system admins update and keep their servers safe.
An Easily Exploitable Security Vulnerability
A researcher named Chen Zhaojun from the Alibaba Cloud Security team has found a critical security vulnerability in Log4j , that’s now putting millions of users worldwide at risk indirectly. Log4j is a popular Java-based logging package used by most tech companies in their regular operations.
Developed by the Apache Software Foundation, Log4j logs user-controlled strings and is a common practice by sysadmins for spotting a potential platform abuse. Now, all versions of this package between 2.0-beta-9 and version 2.14.1 are vulnerable to a bug dubbed as CVE-2021-44228 .
Mass scanning activity detected from multiple hosts checking for servers using Apache Log4j (Java logging library) vulnerable to remote code execution ( https://t.co/GgksMUlf94 ). Query our API for “tags=CVE-2021-44228” for source IP addresses and other IOCs. #threatintel — Bad Packets (@bad_packets) December 10, 2021
