
Serious security vulnerability affects Minecraft, iCloud, Steam and pretty much the whole of the internet


A new zero-day vulnerability has been discovered in the popular Java logging framework Log4j, with the potential to affect Minecraft, iCloud, Steam and numerous other software products that use Java in their code.

Tracked as CVE-2021-44228, this type of vulnerability is especially dangerous because it can be exploited to run any code and requires very little skill for an attacker to pull off. Since Apache's Log4j is almost ubiquitous in Java applications, software maintainers need to act immediately and patch it to avoid falling victim to potential attacks.

To put this vulnerability into context, a similar one was used in the 2017 hack of Equifax which led to the personal data of 149.7m people being exposed online. 

This new exploit could end up being even more dangerous, though, as Log4j has been widely adopted across most of the Java ecosystem.

Log4j exploit

According to a new blog post from Sonatype, news of the Log4j exploit broke when a Proof of Concept (PoC) for the vulnerability was published in a GitHub repository and made public.

The vulnerability affects Apache Log4j between versions 2.0 and 2.14.1 and, at the time of writing, there have already been reports of it being successfully exploited on some Java 11 runtimes. Apache has published a fix for the issue, but software makers still need to install it to protect their customers.

This vulnerability affects any application that uses Log4j for logging, including popular games such as Minecraft, where Sonatype has already seen evidence of it being exploited through the game's built-in chat functionality. As with other remote code execution attacks in the past, there is also strong evidence that hackers and other cybercriminals have begun to mass scan the internet for applications in which this vulnerability has yet to be patched.

Organizations using Log4j in their software should upgrade immediately to the latest version, 2.15, which is available from Maven Central.
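The version range above translates directly into an inventory check. The following is an added example, not code from the article, Sonatype or Apache: it lists every log4j-core copy inside a JAR or WAR, including copies bundled in nested archives, and flags versions in the affected range. It assumes the Maven `pom.properties` metadata is still present in the archive; `is_affected`, `scan_archive` and `make_zip` are names chosen for this illustration.

```python
import io
import re
import zipfile

# Range stated in the article: 2.0 through 2.14.1 affected, fixed in 2.15.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Metadata file Maven writes into log4j-core builds; it records the version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def is_affected(version):
    """True if version text is in range; '2.0-beta9' compares as 2.0.0 (assumption)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    return bool(m) and AFFECTED_MIN <= tuple(int(g or 0) for g in m.groups()) <= AFFECTED_MAX


def scan_archive(data, label, depth=0):
    """List (location, version, affected) per log4j-core copy, nested archives included."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", props, re.MULTILINE)
                if m:
                    findings.append((label, m.group(1), is_affected(m.group(1))))
            elif name.lower().endswith((".jar", ".war", ".ear")) and depth < 4:
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings


def make_zip(entries):
    """Build an in-memory archive from {name: content} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a WAR bundling one affected and one fixed log4j-core.
    libs = {f"WEB-INF/lib/log4j-core-{v}.jar": make_zip({POM_PROPS: f"version={v}\n"})
            for v in ("2.14.1", "2.15.0")}
    print(*scan_archive(make_zip(libs), "app.war"), sep="\n")
```

To check a real artifact, pass its bytes and path to `scan_archive`. Repackaged builds that strip Maven metadata will not be reported, so an empty result is not proof that Log4j is absent.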

Sonatype CTO Brian Fox provided further insight into the Log4j vulnerability and its potential worldwide impact in an email to TechRadar Pro, saying:

“This new Log4j vulnerability is likely going to be another “flashbulb memory” event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem. The scope of affected applications is comparable to the 2015 commons-collection vulnerability (CVE 2015-7501) because attackers can safely assume targets likely have this on the classpath. The impact is comparable to previous Struts vulnerabilities, like the one that impacted Equifax, because the attacks can be done remotely, anonymously without login credentials, and leads to a remote exploit. The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall.”


Date

10 Dec 2021
