Zero Day Exploit Affecting Apple, Others Under Active Attack

Zero Day Exploit Affecting Apple, Others Under Active Attack

Posted by · 6407 views · Translate
A critical zero day exploit found in the popular Java logging library log4j2 is under active attack. The exploit affects numerous services and companies including Apple iCloud, Minecraft, Steam, Twitter, Baidu, Tencent, Amazon, Tesla and likely many more.

Lunasec reports...

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).

A proof of concept was shared on GitHub, alongside screenshots demonstrating iCloud's exposure.

Zero Day Exploit Affecting Apple, Others Under Active Attack

Another proof of concept uses a change of your iPhone name to demonstrate the vulnerability. Lunasec notes that this only shows the vulnerability exists on iPhones but at this time there is no known remote method of triggering it.

Zero Day Exploit Affecting Apple, Others Under Active Attack

Zero Day Exploit Affecting Apple, Others Under Active Attack

Zero Day Exploit Affecting Apple, Others Under Active Attack


Deutsche Telekom also confirmed that its logs show active attacks underway.

"We are observing attacks in our honeypot infrastructure coming from the TOR network."

Zero Day Exploit Affecting Apple, Others Under Active Attack


Mitigation details can be found at the link below. Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for more updates.

Read More


Zero Day Exploit Affecting Apple, Others Under Active Attack

Zero Day Exploit Affecting Apple, Others Under Active Attack

Zero Day Exploit Affecting Apple, Others Under Active Attack
LeoNyx86
LeoNyx86 - December 12, 2021 at 10:27am
Maybe personal details and data that belongs to a person should be deleted everywhere online. And it should be kept on an offline storage device like a swipe card. The only data that should be stored online are the card key numbers encrypted and jumbled. Or that any data online cannot be accessed without the card, by the person or anyone else. The cards would feature biometric security such as fingerprints, bio-impedance, an active pulse. Maybe a palm scanner with a lie detector and a Face ID including iris scanner with a lie detector. You would be asked three questions or such. And the voice recognition would also feature an authentication and lie detector. You have to pass all tests to gain access.
A-Non-E-Moose
A-Non-E-Moose - December 11, 2021 at 12:12am
Is this the same one that affected much of AWS on Dec8th?
Recent