Cybersecurity specialists are sounding the alarm. A new, critical security hole has been discovered in the Apache Log4j library used in Java applications. Thousands of programs are at risk.
Experts warn of a new loophole. Exposed thousands of applications
A vulnerability in a library causes a vulnerability that allows for remote code execution under the permissions of a given application (in which the vulnerability will be exploited) – This means that criminals can take advantage of a security weakness of a vulnerable application and take remote control over our device – for example, use the computer in the role of a cryptocurrency excavator.
The matter is very serious, because the Apache Log4j library is one of the most frequently used event logging libraries in the Java programming language. This means that the applications (mainly Internet, but not only) of thousands of companies are exposed to the problem. These are, for example, some software from companies such as VMware, CISCO or Atlassian – explains CERT Polska.
A critical vulnerability, CVE-2021-44228 (Log4Shell), was found in the Apache Log4j library, allowing remote code execution. This library is one of the most frequently used event logging libraries used by Java applications. It should be noted that the library is used by many commercial applications and the probability of a threat related to this vulnerability in the organization is high
– we read in the CERT Polska report.
According to specialists, Apache Log4j libraries from 2.0 to 2.14.1 inclusive are vulnerable to attack. The previous versions are resistant, but also unsupported for a long time, which is why they are rarely used today. Luckily, Android smartphone apps using Apache Log4j are safe.
However, the problem may affect a large part of companies or even paralyze their work. Moreover, the criminals who have already started their attacks know this very well. According to experts, there will be only more of them in the future.
We are seeing more and more attempts at attacks and their advancement. It can be expected that it will be an increasing trend. The problem affects a very large number of systems, so we recommend taking immediate action
– explains CERT Polska.
Source: Gazeta
Ricardo is a renowned author and journalist, known for his exceptional writing on top-news stories. He currently works as a writer at the 247 News Agency, where he is known for his ability to deliver breaking news and insightful analysis on the most pressing issues of the day.
