The cybersecurity landscape is on fire due to an easily exploitable vulnerability in a popular Java logging library, Log4j. It is used by all popular software and services and may already be affecting the everyday desktop and smartphone user.
How Bad is the Log4j Security Vulnerability? Everything You Need to Know About Log4Shell.
Cybersecurity experts see a wide range of potential uses for the Log4j exploit, some of which have already surfaced on the dark web. These range from abusing Minecraft servers to more high-profile issues that they believe could affect Apple iCloud.
“This Log4j vulnerability has a trickle-down effect, affecting all major software vendors that may be using this component as part of their application packaging,” John Hammond, Senior Security Researcher at Huntress, told Lifewire via email. “The security community has discovered vulnerable applications from other technology manufacturers such as Apple, Twitter, Tesla, [and] Cloudflare, among others. At this time, the industry is still investigating the massive attack surface and risk this vulnerability presents.”
The vulnerability, tracked as CVE-2021-44228 and named Log4Shell, carries the highest possible severity score, 10, in the Common Vulnerability Scoring System (CVSS).