A new exploit called "Log4Shell" is causing headaches for security teams at major technology companies. If exploited, the vulnerability allows hackers to execute malicious code on vulnerable servers. Reports suggest that this can be used to attack platforms such as iCloud and Steam.
As the security company LunaSec reports (via The Verge), the vulnerability was first discovered in log4j, an open-source library used by many apps and websites for logging. According to security researcher Marcus Hutchins, Log4Shell could affect millions of apps around the world because the log4j library is used by many developers. To exploit the vulnerability, hackers need to place a special string containing certain characters in the log.
“Log4Shell” exploit: iCloud is also at risk
To exploit the vulnerability, an attacker must trick the application into storing a specially designed string in the log. Because applications routinely log a variety of events - such as messages sent and received by users or the details of system errors - the vulnerability is unusually easy to exploit and can be triggered in a variety of ways.
The Log4Shell exploit was recently discovered on Minecraft servers, where hackers exploited the vulnerability via chat messages. LunaSec claims that Apple's iCloud is also vulnerable to the new exploit. Attackers can even trigger the malicious code via QR codes, making the vulnerability even more dangerous. Neither Apple nor other tech companies have commented on this. However, it is assumed that due to the severity of the vulnerability, a solution is already being worked on.