Breaking the security of log4j and thousands of internet services

Security holes are never welcome, especially when they have a lot of impact, as the new Log4Shell introduces. This flaw is present in a component that many major Internet services use.

Its importance is such that there are already several warnings, and many are preparing their own updates. Log4Shell poses a security risk and now a solution is available, everyone should update their applications as soon as possible.

Despite the fact that it is present in a component that very few people know about, the disadvantage that Log4Shell carries. influences almost everywhere on the Internet and in many of the services that exist on it. It is present in Log4j, a Java library for logging.

Present in services such as iCloud, Steam, Minecraft and many others, it has a vulnerability that allows an attacker to run remote code on these platforms. It is known to be actively exploited, and if it was originally focused on mining malware, it opened up and is now being used for much more.

This was another flaw, discovered almost by accident, but as soon as it was discovered, it immediately activated many security experts. Present in Log4j versions 2.0-beta-9 through 2.14.1, it was immediately fixed. in version 2.15.0 this Java library.

With one Proof of Concept Now Availableis quickly proven to be extremely easy to use. A simple name change on iPhone or DNS lookup can cause this problem and thus open the door for attackers.

Since many online services are already working to resolve this issue, it is important that users follow these instructions. They also need to keep the applications of these services up to date to ensure security on all fronts.

With a very high severity, Log4Shell is described as even worse than the well-known Heartbleed. This flaw in Log4j is taking the Internet by storm and shows that much of what was thought to be safe is actually exposed and has serious security issues.