Critical Vulnerability in a Popular Software Sets Internet on Fire

Log4Shell is located in open-source Apache software and is possibly the worst computer vulnerability in the last decade.

Vulnerability Turned Into a Weapon

The flaw was already exploited in Minecraft and is rapidly becoming a major threat to organizations globally. It was found in a utility that's present in cloud servers and enterprise software used worldwide. 

According to Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike, people have already managed to weaponise Log4Shell.

“The internet’s on fire right now,” said Meyers. “People are scrambling to patch and all kinds of people scrambling to exploit it.”

The vulnerability was found in the open-source Apache software, which millions use to run web services and sites. It allows attackers to access web servers, without even needing a password. Professional hackers and novices alike can use Log4Shell to install malware, steal data, erase information, etc. from internal networks.

The Apache Software Foundation rated the flaw 10 on a scale of one to 10, making it possibly the worst issue in the last decade.

Dealing with Log4Shell, however, is a problem on its own. Some businesses and cloud providers - for example, Amazon - might be able to update their servers without much hassle. But owners of third-party programs will surely encounter difficulties. 

Affected Parties

The first ones to exploit the flaw were users of Minecraft servers. They were using it to execute programs on the computers of other players by sending a short message in a chatbox. 

Microsoft, however, acted fast and issued a software update. The fix will protect all who apply it.

In addition to Minecraft, Log4Shell can harm servers of different companies, including:

• Apple
• Twitter
• Amazon
• Cloudflare.

Cloudflare didn’t find an issue with its servers. The rest of the listed companies are yet to comment.