Zero Day in Ubiquitous Apache Log4j Tool under Active Attack

75
Zero Day in Ubiquitous Apache Log4j Tool under Active Attack

Many popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reported to be at risk of zero-day exploitation affecting the popular Java logging library.

The vulnerability, dubbed “Log4Shell” by LunaSec researchers and recommended by Chen Zhaojun of Alibaba, was discovered in Apache Log4j, an open source login application used on a large number of applications, websites and services. The vulnerability of Log4Shell poses a serious threat to anyone using the popular Apache Struts framework that opens the source and could lead to a little internet crash soon.

A terrible, easily exploited error in the Java encrypted Java library The Apache Log4j could allow unauthorized remote (code) (RCE) encryption and complete server retrieval – and exploited in the wild.

Read More: Threatpost

For more such updates follow us on Google News ITsecuritywire News