Internet users at high risk! New vulnerability allows malicious actors to take control of devices

A major vulnerability has been discovered in Log4j, the Apache Java logging library. It can be exploited to gain control of servers, which affects some of the biggest companies as well as smaller third-party companies. The major issue with this new vulnerability is that almost any malicious actor can take control of the servers with extreme ease. The attacker can then take control of some of the systems that use these servers.

The Indian cybersecurity agency CERT-In has also issued an alert about the new vulnerability, with a severity rating of ‘high’. Log4j is a popular Java-based logging package built by the Apache Software Foundation. Almost all versions of the software are affected by the vulnerability, from 2.0-beta-9 to version 2.14.1. While Apache released a fix in version 2.15.0, its latest update, the real challenge will be getting all the servers that use the software to apply the update in time. Cybersecurity experts have called it one of the biggest threats ever to face the internet.
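To make the version range above concrete, the following added example (not code from the article or from Apache) classifies `log4j-core` jar file names against the range the article states. It assumes jars keep the conventional `log4j-core-<version>.jar` name; the function names and the sample file listing are constructed for illustration.

```python
import re

# Range stated in the article: 2.0-beta-9 through 2.14.1; fix released in 2.15.0.
FIRST_AFFECTED, LAST_AFFECTED, FIXED_IN = "2.0-beta9", "2.14.1", "2.15.0"
VERSION = r"\d+(?:\.\d+){0,2}(?:-[A-Za-z]+-?\d*)?"
# Assumption: jars keep the conventional name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(" + VERSION + r")\.jar$")
PRE_ORDER = {"alpha": 0, "beta": 1, "rc": 2}


def version_key(version):
    """Map '2.14.1' or '2.0-beta9' to a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:-([A-Za-z]+)-?(\d*))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # '2.3' compares as 2.3.0
    pre = (99, 0)  # a final release sorts after its pre-releases
    if m.group(2):
        pre = (PRE_ORDER.get(m.group(2).lower(), -1), int(m.group(3) or 0))
    return tuple(nums) + pre


def classify(path):
    """Return (version, status) for a log4j-core jar, or None for other files."""
    m = JAR_RE.search(path)
    if not m:
        return None
    version = m.group(1)
    key = version_key(version)
    if key >= version_key(FIXED_IN):
        return version, "fixed-per-article"
    if version_key(FIRST_AFFECTED) <= key <= version_key(LAST_AFFECTED):
        return version, "affected"
    return version, "outside-range"


def affected_jars(paths):
    """Filter a file listing down to jars inside the affected range."""
    return [p for p in paths if (classify(p) or ("", ""))[1] == "affected"]


# Constructed file listing for illustration (not from a real host).
SAMPLE = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/old/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "/srv/new/lib/log4j-core-2.15.0.jar",
]
```

File names only catch jars that are stored unrenamed; copies bundled inside other archives need a content-based inventory.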

According to the Indian nodal cybersecurity agency, the vulnerability could allow a remote attacker to gain full control of the targeted servers. The remote attacker could exploit this vulnerability by injecting a specially crafted malicious payload.

If a malicious actor succeeds in exploiting this vulnerability, they can execute arbitrary code and gain full control of the targeted servers.

The popular game Minecraft is one of the platforms where the vulnerability has been actively exploited. Some users on the online gaming platform have managed to control other users' systems just by pasting short messages into the chat box. Microsoft owns Minecraft and has already released a patch for the vulnerability. Any user on the latest version will be safe from the vulnerability. Other big platforms that may have already been affected include Apple, Amazon and Twitter.

Marcus Hutchins, a cybersecurity specialist, stated, “This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.”

The flaw was first discovered in late November by the cybersecurity team of Chinese tech giant Alibaba. The fix for the vulnerability was developed in two weeks and then released by the Apache Software Foundation.

The post Internet users at high risk! New vulnerability allows malicious actors to take control of devices appeared first on BGR India.
