Zero Day Exploit Affecting Apple, Others Under Active Attack
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted December 10, 2021 at 6:49pm by iClarified
A critical zero day exploit found in the popular Java logging library log4j2 is under active attack. The exploit affects numerous services and companies including Apple iCloud, Minecraft, Steam, Twitter, Baidu, Tencent, Amazon, Tesla and likely many more.
Lunasec reports...
A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).
A proof of concept was shared on GitHub, alongside screenshots demonstrating iCloud's exposure.
Another proof of concept uses a change of your iPhone name to demonstrate the vulnerability. Lunasec notes that this only shows the vulnerability exists on iPhones but at this time there is no known remote method of triggering it.
Deutsche Telekom also confirmed that its logs show active attacks underway.
"We are observing attacks in our honeypot infrastructure coming from the TOR network."
Maybe personal details and data that belongs to a person should be deleted everywhere online. And it should be kept on an offline storage device like a swipe card. The only data that should be stored online are the card key numbers encrypted and jumbled. Or that any data online cannot be accessed without the card, by the person or anyone else.
The cards would feature biometric security such as fingerprints, bio-impedance, an active pulse. Maybe a palm scanner with a lie detector and a Face ID including iris scanner with a lie detector.
You would be asked three questions or such. And the voice recognition would also feature an authentication and lie detector.
You have to pass all tests to gain access.