Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

by
Dan Goodin
from Ars Technica - All content on (#5SWKZ)
cyber-cyber-cyber-800x578.jpeg

Enlarge (credit: Getty Images)

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open source logging utility that's used in countless apps, including those used by large enterprise organizations, several websites reported last Thursday.

Word of the vulnerability first came to light on sites catering to users of Minecraft, the best-selling game of all time. The sites warned that hackers could execute malicious code on servers or clients running the Java version of Minecraft by manipulating log messages, including from things typed in chat messages. The picture became more dire still as Log4j was identified as the source of the vulnerability, and exploit code was discovered posted online.

A big deal

The Minecraft side seems like a perfect storm, but I suspect we are going to see affected applications and devices continue to be identified for a long time," HD Moore, founder and CTO of network discovery platform Rumble, said. This is a big deal for environments tied to older Java runtimes: Web front ends for various network appliances, older application environments using legacy APIs, and Minecraft servers, due to their dependency on older versions for mod compatibility."

Read 13 remaining paragraphs | Comments

index?i=lqItMeUbZBE:OnCtW2Yco78:V_sGLiPB index?i=lqItMeUbZBE:OnCtW2Yco78:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments