Security teams at businesses large and small are hurrying to patch a previously unknown vulnerability known as Log4Shell, which could allow hackers to compromise millions of devices on the internet.
If exploited, the vulnerability allows remote code execution on susceptible servers, letting an attacker import malware that would fully compromise devices.
The vulnerability is in ‘Log4j’, an open-source logging library used by apps and services all over the internet. Logging is a technique in which apps keep track of the actions they’ve carried out so that they can be reviewed later in the event of an error. Almost every network security system employs some form of logging, which gives popular libraries like log4j a very wide reach.
Marcus Hutchins, a well-known security researcher best known for stopping the worldwide WannaCry virus outbreak, stated on Twitter that millions of applications would be impacted. “Log4j is used by millions of applications for logging, and all an attacker needs to do is get the programme to log a specific string,” Hutchins wrote in a tweet.
The vulnerability was first identified on sites that hosted Minecraft servers, where attackers could exploit it by sending chat messages. According to a tweet from security analysis firm GreyNoise, the firm has already spotted multiple servers scanning the internet for susceptible machines.
According to a blog post by application security firm LunaSec, gaming platform Steam and Apple’s iCloud have both been found to be vulnerable. Neither Valve nor Apple immediately responded to a request for comment.
To exploit the flaw, an attacker must get the programme to save a certain string of characters in the log. Because apps routinely log a wide range of events, such as messages sent and received by users or details of system errors, the vulnerability is exceptionally straightforward to exploit and can be triggered in a variety of ways.
Cloudflare CTO John Graham-Cumming told The Verge, “This is a pretty dangerous issue because of the broad use of Java and this package log4j.” “Java software is widely used on the internet and in back-end systems. Heartbleed, which allowed you to acquire information from servers that should have been safe, and Shellshock, which let you run code on a distant machine, are the only two other exploits that come to me when I think back over the last ten years.”
Firewall protection alone, however, does not remove the risk, because so many different programmes are vulnerable to the exploit and there are so many alternative ways to deliver it. The exploit could theoretically be carried out physically by encoding the attack string in a QR code that is scanned by a package delivery service, allowing it to enter the system without having to travel over the internet.
Although a patch for the log4j library has been issued, Log4Shell remains a serious danger due to the time it will take to update all affected machines.