From times and times, we see new exploits emerging and proving how problematic they can be in the hands of bad people. The situation is even more critical when we’re talking about a Zero-day exploit. The latest exploit has been discovered in Apache’s Log4j logging library. A proof-of-concept exploit was shared online. It reveals the true potential of remote code execution attacks, and it has affected some of the largest services on the web. The exploit has been identified as “actively being exploited”, carries the “Log4Shell” moniker, and is one of the most dangerous exploits to be made public in recent years. It can affect basically everything from Apple devices to simple apps and games like Minecraft.
For those unaware, Log4j is a popular Java-based logging package. Apache Software Foundation is the developer behind it. It’s a CVE-2021-44228 patch that affects all versions of Log4j between version 2.0-beta9 and version 2.14.1. It has been patched in the most recent version of the library, version 2.15.0. However, many services and applications currently rely on Log4j. That goes from an Apple device to games like Minecraft. Cloud services such as Steam and Apple iCloud are also on the list of vulnerable, and we assume it also goes for everyone using Apache Struts. Even changing an iPhone’s name is capable of triggering the vulnerability on Apple’s servers.