Apache Log4j, dubbed CVE-2021-44228, is an open-source logging utility in almost all major Java-based applications and servers. Currently running on 3 billion devices worldwide, Log4j has been exposed to a high-risk vulnerability underactive and vigorous exploitation. As of December 10th, nearly 10,000+ attacks exploiting this vulnerability have been discovered and that number continues to proliferate. The zero-day exploit named “Log4Shell” affects all industries and has impacted several popular services, including Apple iCloud, Twitter, Steam and Minecraft.
The exploitation of this vulnerability is simple and only requires the attacker to enter a piece of code into the target triggering the vulnerability, allowing the attacker to remotely control the user victim’s server.
“In the case of Minecraft, attackers were able to get remote code execution on Minecraft servers by simply pasting a short message into the chatbox.”
— Marcus Hutchins @MalwareTechBlog
|Updated Alert Available
Read the Update