Article 5SXEF The Internet’s biggest players are all affected by critical Log4Shell 0-day

The Internet’s biggest players are all affected by critical Log4Shell 0-day

by
Dan Goodin
from Ars Technica - All content on (#5SXEF)
log4shell-logo-800x359.png

Enlarge (credit: Kevin Beaumont)

The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who's who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and Baidu.

The vulnerability, now going by the name Log4Shell, came to light on Thursday afternoon, when several Minecraft services and news sites warned of actively circulating attack code that exploited the vulnerability to execute malicious code on servers and clients running the world's bestselling game. Soon, it became clear that Minecraft was only one of likely thousands of big-name services that can be felled by similar attacks.

A compilation of screenshots posted online documents how some of the world's most popular and trusted cloud-based services react when they are fed parameters used in the attack. To wit:

Read 7 remaining paragraphs | Comments

index?i=1J0ZBsEBNmM:s_lj7zncsTo:V_sGLiPB index?i=1J0ZBsEBNmM:s_lj7zncsTo:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments