The Log4Shell exploit offers attackers an easy way to run malicious code on any vulnerable machine.
A new exploit called “ Log4Shell ” is creating several problems for the security teams of large technology companies. If exploited, the vulnerability allows hackers to execute malicious code on vulnerable servers and can reportedly affect platforms such as iCloud and Steam.
As detailed by security firm LunaSec, the vulnerability was first found in log4j , an open source library used by multiple apps and websites for logging, which is the process of keeping a list of activities performed to examine them in below to fix bugs or other errors.
According to security researcher Marcus Hutchins, Log4Shell could affect millions of apps around the world as the log4j library is widely used by developers. To exploit the vulnerability, hackers must save a special string with specific characters in the registry.
To exploit the vulnerability, an attacker would have to cause the application to save a special string of characters in the registry. Because applications regularly log a wide variety of events, such as messages sent and received by users or details of system errors, the vulnerability is unusually easy to exploit and can be triggered in a variety of ways.
Recently, the Log4Shell exploit was found on Minecraft servers where hackers used the vulnerability via chat messages. LunaSec says Apple’s iCloud is also vulnerable to the new exploit . Furthermore, attackers can even activate the malicious code via QR codes, which makes the exploit even more dangerous.
Apple and other companies have not responded to a request for comment, but they are certainly working to fix the exploit as soon as possible.
Recent Comments