Vulnerability in broadly-used software causes massive risk to internet users

Internet users at high risk! New vulnerability allows malicious actors to take control of devices

The Indian cybersecurity agency CERT-In has also issued an alert against the new vulnerability with a severity rating of 'high'



A major vulnerability has been discovered in the Apache Java logging library, Log4j. It can be exploited to gain control of servers, which impacts some of the biggest companies as well as smaller third-party companies. The major issue with this new vulnerability is that almost any malicious actor can take control of the servers with extreme ease. The attacker can then take control of some of the systems that use these servers.

The Indian cybersecurity agency CERT-In has also issued an alert against the new vulnerability with a severity rating of ‘high’. Log4j is a popular Java-based logging package built by the Apache Software Foundation. Almost all versions of the software are affected, from 2.0-beta-9 to 2.14.1. While Apache released a fix in version 2.15.0, the real challenge will be getting all the servers that use the software updated in time. Cybersecurity experts have called it one of the biggest threats ever to face the internet.
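Finding every affected copy is the hard part of that update, because the library is often bundled inside other archives. The sketch below is an added example, not code from Apache or CERT-In: it walks a jar/war/ear, including nested jars, and flags `log4j-core` files whose version falls in the range stated above. The function names, the nesting and size limits, and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Affected range as stated in the article: 2.0-beta-9 through 2.14.1 (fix: 2.15.0).
STAGES = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None = final release
LOW, HIGH = (2, 0, 0, STAGES["beta"], 9), (2, 14, 1, STAGES[None], 0)
JAR_RE = re.compile(r"(?i)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)-?(\d+))?\.jar$")

def version_key(name):
    """Sortable key for a log4j-core jar file name, or None if it is not one."""
    m = JAR_RE.search(name)
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGES[stage and stage.lower()], int(num or 0))

def is_affected(name):
    key = version_key(name)
    return key is not None and LOW <= key <= HIGH

def scan_archive(data, path, depth=0):
    """Return [(path, affected)] for log4j-core jars in a jar/war/ear, nested ones too."""
    found = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # unreadable archive: nothing to report
    with zf:
        for info in zf.infolist():
            inner = f"{path}!/{info.filename}"
            if version_key(info.filename) is not None:
                found.append((inner, is_affected(info.filename)))
            elif (info.filename.lower().endswith((".jar", ".war", ".ear"))
                  and depth < 4 and info.file_size <= 64 << 20):  # assumed limits
                found += scan_archive(zf.read(info), inner, depth + 1)
    return found

def make_zip(entries):
    """Constructed sample input: an in-memory archive built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a WAR with a patched jar and a fat jar hiding 2.14.1.
FAT = make_zip({"BOOT-INF/lib/log4j-core-2.14.1.jar": b""})
SAMPLE_WAR = make_zip({"WEB-INF/lib/log4j-core-2.15.0.jar": b"", "WEB-INF/lib/svc.jar": FAT})
```

Matching is by file name only, so shaded or renamed copies of the library are not detected by this check.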

According to the Indian nodal cybersecurity agency, the vulnerability could allow a remote attacker to gain full control of the targeted servers. The remote attacker could exploit this vulnerability by injecting a specially crafted malicious payload.

If the malicious actor succeeds in exploiting this vulnerability, they can execute arbitrary code and gain full control of the targeted servers.

Popular game Minecraft is one of the platforms where the vulnerability has been actively exploited. Some users on the online gaming platform have managed to take control of other users' systems just by pasting short messages into the chat box. Microsoft owns Minecraft and has already released a patch for the vulnerability. Any user on the latest version will be safe from it. Other big platforms that may already have been impacted include Apple, Amazon and Twitter.

Marcus Hutchins, a cybersecurity specialist, stated, “This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.”

The flaw was first discovered late in November by the cybersecurity team of Chinese tech giant Alibaba. The fix for the vulnerability was developed in two weeks and then released by the Apache Software Foundation.

  • Published Date: December 11, 2021 9:28 AM IST
  • Updated Date: December 11, 2021 9:48 AM IST


