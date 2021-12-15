The recently discovered vulnerability known as Log4j is currently causing chaos on the internet, as cyber defenders try to fix the flaw, while cybercriminals try to exploit its weaknesses and steal information.

In computing terms, a vulnerability is a weakness or failure in an information system that puts its security at risk. In this case, apparently detected on December 2, the vulnerability affects Apache Log4j, an open source library widely used and popular among developers, whose objective is to keep a log of activities in various applications.

The problem that this vulnerability generates can potentially affect different companies and services such as Apple iCloud or Steam clouds. As well as the construction video game Minecraft and other platforms that use Java programming language.

The threat is “extremely critical”

“The Apache Log4j remote code execution vulnerability is the largest and most critical vulnerability of the past decade,” said Amit Yoran, CEO of Tenable, a network security company, and the founding director of the Emergency Preparedness Team. US IT

The US and German governments, for example, have publicly warned about the risks of the discovered vulnerability: “The threat situation is extremely critical. Immediate protection measures are required,” the Interior Ministry spokesman said. German, Steve Alter.

It will take time to fully resolve the failure

Although Apache, the maker of Log4j, released a partial fix for the vulnerability on Friday (12.10.2021), affected companies and cyber defenders will need time to locate the vulnerable software and properly implement the patches. According to security experts, Log4j is maintained by a few volunteers.

In practice, the bug allows an outsider to enter an active code in the registration process. That code then instructs the server hosting the software to execute a command that gives the hacker control.

Hackers try to take advantage of the flaw

The problem was first disclosed publicly by a security researcher working for Chinese technology company Alibaba Group Holding Ltd, Apache noted in its security advisory.

So far no major cyber incidents have been publicly documented as a result of the vulnerability, but researchers are seeing an alarming rise in hacker groups trying to exploit the flaw for espionage.

