Log4J vulnerabilities set the Internet “on fire”


A vulnerability in a widely used logging library has become a full-blown security breakdown that affects digital systems across the Internet. Hackers are already trying to take advantage of it, but researchers warn that even if a fix appears, the flaw may have a serious impact on a global scale.

The problem lies in Log4j, a ubiquitous open source Apache logging framework that developers use to log activity in applications. Security responders are scrambling to fix the vulnerability, which can easily be exploited to take remote control of vulnerable systems. At the same time, hackers are actively scanning the Internet for affected systems. Some people have developed tools that automatically try to exploit the vulnerability, as well as worms that can spread independently from one vulnerable system to another under the right conditions.

Log4j is a Java library. Although the language is not very popular with consumers, it is still widely used in enterprise systems and web applications. Researchers told Wired on Friday that they expect many mainstream services to be affected.

For example, Microsoft-owned Minecraft on Friday posted detailed instructions on how players of the game's Java version should patch their systems. “This vulnerability affects many services, including Minecraft Java Edition,” the post read. “This vulnerability may cause your computer to be compromised.” Cloudflare CEO Matthew Prince tweeted on Friday that the problem was “so bad” that the Internet infrastructure company would try to roll out at least some protection even for customers on its free tier of service.

All an attacker needs to do to take advantage of this vulnerability is strategically send a malicious code string that eventually gets logged by Log4j. The vulnerability allows an attacker to load arbitrary Java code on a server, thereby taking control of it.

“This is a catastrophic design failure,” said Free Wortley, CEO of LunaSec, an open source data security platform. Company researchers issued a warning and a preliminary assessment of the Log4j vulnerability on Thursday.

Minecraft screenshots circulating on forums appear to show players exploiting the vulnerability through the Minecraft chat function. On Friday, some Twitter users started changing their display names to strings of code that could trigger the exploit. Another user changed his iPhone name to do the same thing and submitted the finding to Apple. Researchers told Wired that this method may also work through e-mail.

The U.S. Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability on Friday, as did Australia's CERT. The New Zealand government's cybersecurity organization noted in its alert that the vulnerability is reportedly being actively exploited.

“This is too bad,” Wortley said. “A lot of people are vulnerable and it’s easy to take advantage of. There are some mitigating factors, but in the real world, there will be many companies that are not on the current version scrambling to solve this problem.”

Apache rated the vulnerability “critical” in severity and published patches and mitigation measures on Friday. The organization said that Chen Zhaojun of the Alibaba Cloud security team first disclosed the vulnerability.


