Everyone is preparing to fix the problem. What began as a security problem for fans of the popular video game Minecraft quickly turned into a global crisis on the Internet.
In short, a particularly serious vulnerability has been discovered in the widely used Java logging library Apache Log4j, one that affects large swaths of widely used platforms.
The bug initially gained widespread attention on Friday as an issue affecting players of Minecraft’s Java Edition. In a PSA published Friday, company officials warned gamers that the security flaw needs immediate attention. “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take the following steps to secure your game and servers,” the statement reads, offering a step-by-step patching guide.
The vulnerability, dubbed Log4Shell, has been officially identified as CVE-2021-44228 by the Apache Software Foundation and appears to have been given a severity rating of 10 on the Common Vulnerability Scoring System (CVSS) scale, the highest possible rating.
But, unfortunately, as noted earlier, Minecraft is not the only application that is threatened by this bug. In fact, we may have a very big problem here: reportedly “millions” of applications use log4j, including some of the web’s biggest platforms (see: Apple, Twitter, Cloudflare, Valve, etc.). Cybersecurity experts took to the Internet on Friday to express their grave concern about the vulnerability. They are pretty much begging companies to fix their systems right away.
Robert Graham, a cybersecurity expert, temporarily changed his Twitter username to “THREAT LEVEL RED FIX YOUR LOG4J.” The famous British hacker Marcus Hutchins called the vulnerability very bad. And even the director of cybersecurity at the National Security Agency, Rob Joyce, chimed in: “The log4j vulnerability is a major threat for exploitation due to extensive inclusion in software frameworks, even GHIDRA for the National Security Agency,” he claimed.
Reports of active exploitation also started pouring in. GreyNoise, a security company, wrote on Twitter that it was seeing active exploitation of the flaw: “GreyNoise is detecting a sharply increasing number of hosts opportunistically exploiting Apache Log4J CVE-2021-44228. The exploit occurs from approximately 100 distinct hosts, nearly all of which are Tor exit nodes.” Other security companies have made similar assessments.
More information about the vulnerability and mitigation steps can be found on the Apache website. If your organization uses the log4j library, security experts recommend that you upgrade to log4j-2.1.50.rc2 immediately. You better do it! This is just the beginning for this very serious vulnerability.