A newly found zero-day vulnerability in Apache Log4j, a widely used Java logging library, is simple to exploit and allows attackers to take complete control of vulnerable systems.
The vulnerability, identified as CVE-2021-44228, is rated as severe and allows for unauthenticated remote code execution if the user running the application uses the Java logging library.
A zero-day vulnerability in Log4j has been found, and it affects iCloud, Minecraft, Steam, and other services.
The Log4j vulnerability, which affects the Java logging framework, has been identified to be susceptible in cloud services like Steam and Apple iCloud, as well as apps like Minecraft.
HIGHLIGHTS
- Digital systems all across the Internet have been affected by a vulnerability in Log4j, a widely used logging framework.
- The logging library vulnerability is simple to exploit, as it allows attackers to take entire control of affected servers.
- Minecraft isn't the only platform affected; the vulnerability in Log4j appears to have infected the whole Java environment.
Examining log files for any services implementing vulnerable Log4j versions might help organisations figure out whether they're affected.
Users should set log4j2.formatMsgNoLookups=True to minimise vulnerabilities by adding "Dlog4j2.formatMsgNoLookups=True" to the JVM command for launching the application.
It is critically advised that Log4j versions be upgraded to log4j-2.15.0-rc1 to prevent the library from being attacked.
"We recommend all businesses to adopt an assumed breach approach and analyse logs for vulnerable apps for odd behaviour if you feel you may be impacted by CVE-2021-44228," says the advisory.
"If abnormalities are discovered, we advise you to presume this is an active event and that you have been hacked, and to respond appropriately."
For all the latest Security Updates, Reach us.
Thanks and regards,
Priyadharshini | Cyber Security Services | Cloud Security Services
.jpg)
%20(1).jpg)
No comments:
Post a Comment