Log4Shell has caught the attention of researchers because of how easy it is to activate.
The existence of a new exploit has been detected that endangers the servers of iCloud, Amazon, Steam and many more, and even the devices linked to them. The exploit comes under the name ‘Log4Shell’ , and it has raised alarms by how unusually easy it is to activate.
When the vulnerability is exploited, it allows ‘Log4Shell’ to run malicious code on vulnerable servers. According to various investigations by LunaSec specialists, ‘Log4Shell’ could endanger the servers of multiple applications and services , among which we have Amazon, iCloud, Steam and more.
The vulnerability was first found in log4j, an open source library used by various logging applications . This term refers to the sequential recording of events that will be reviewed later to detect problems or vulnerabilities in the events of a computing process.
To exploit the vulnerability, an attacker has to make the application save a special string of characters in the registry. Since applications routinely log a wide range of events – such as messages sent and received by users, or details of system errors – the vulnerability is unusually easy to exploit and can be triggered in a number of ways.
Log4Shell was recently spotted on Minecraft servers , where hackers could trigger the exploit using the game’s internal chat. As for Apple, hackers could activate the code through QR codes, thus violating iCloud protection.
According to security researcher Marcus Hutchins, this exploit could affect millions of applications around the world, especially because of how popular the log4j library is. So far the companies have not commented on this , but most likely they are already at work to solve the problems that Log4Shell may cause them.