Discovered on December 10 in the Java library Log4j, developed by Apache, this major security Bosnia and Herzegovina WhatsApp Number flaw called Log4Shell has caused a great wave of concern among many researchers.
A Way to Execute
The Java Log4j library is designed to log software related information such as error reports. This security flaw actually allows an attacker to send the server. The link of a web page, and to make it read all the content of this page. If the page contains Java code, the server is able to execute it. This vulnerability, defined as the CVE-2021-44228 flaw, is particularly dangerous since it offers the possibility of running code remotely on any vulnerable server.
Marcus Hutchins, a UK cybersecurity researcher known for stopping the WannaCry ransomware attack. Respond directly by saying, “This Log4j vulnerability (CVE-2021-44228) is extremely bad. Millions of applications use Log4j for logging, and all the attacker. To do is tell the application to log a special string. He specifies that the main services confirmed as being vulnerable are iCloud (Apple’s hosting service), Steam (video game store) and Minecraft.
The National Information Systems Security Agency (Anssi) reacted quickly by publishing an alert on this flaw. Since it concerns a Java library used by thousands of companies.
An Update Is Available
An emergency patch was released over the weekend by the Apache Foundation, but it must be installed by server. Owners to prevent attacks. Some concerned, such as Mojang, the publisher of Minecraft. Have also published several alerts on their respective sites to invite all server owners to make the proposed update as soon as possible.