Critical Vulnerability in a Popular Software Sets Internet on Fire

Teodora Dobrilova
Teodora Dobrilova

Updated · Feb 21, 2022

SHARE:

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Log4Shell is located in open-source Apache software and is possibly the worst computer vulnerability in the last decade.

Vulnerability Turned Into a Weapon

The flaw was already exploited in Minecraft and is rapidly becoming a major threat to organizations globally. It was found in a utility that's present in cloud servers and enterprise software used worldwide. 

According to Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike, people have already managed to weaponise Log4Shell.

“The internet’s on fire right now,” said Meyers. “People are scrambling to patch and all kinds of people scrambling to exploit it.”

The vulnerability was found in the open-source Apache software, which millions use to run web services and sites. It allows attackers to access web servers, without even needing a password. Professional hackers and novices alike can use Log4Shell to install malware, steal data, erase information, etc. from internal networks.

The Apache Software Foundation rated the flaw 10 on a scale of one to 10, making it possibly the worst issue in the last decade.

Dealing with Log4Shell, however, is a problem on its own. Some businesses and cloud providers - for example, Amazon - might be able to update their servers without much hassle. But owners of third-party programs will surely encounter difficulties. 

Affected Parties

The first ones to exploit the flaw were users of Minecraft servers. They were using it to execute programs on the computers of other players by sending a short message in a chatbox. 

Microsoft, however, acted fast and issued a software update. The fix will protect all who apply it.

In addition to Minecraft, Log4Shell can harm servers of different companies, including:

Cloudflare didn’t find an issue with its servers. The rest of the listed companies are yet to comment.

Sources.

SHARE:

Teodora Dobrilova

Teodora Dobrilova

Teodora devoted her whole life to words – reading, writing and trying to be original on social media. She got certified in digital marketing but still feels she’s not cool enough to be an influencer. (We all disagree – she influences the team pretty well.) She finished a master’s degree focused in Literature, Publishing, Mass Media. Her hobbies include traveling, and reading. Teddy hopes that yoga will be the thing to finally teach her some patience and show her the path toward world domination. Maybe modern tech can also help her with that.

Leave your comment

Your email address will not be published.