A critical zero day exploit found in the popular Java logging library log4j2 is under active attack. The exploit affects numerous services and companies including Apple iCloud, Minecraft, Steam, Twitter, Baidu, Tencent, Amazon, Tesla and likely many more.
Lunasec reports...
A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).
A proof of concept was shared on GitHub, alongside screenshots demonstrating iCloud's exposure.
Another proof of concept uses a change of your iPhone name to demonstrate the vulnerability. Lunasec notes that this only shows the vulnerability exists on iPhones but at this time there is no known remote method of triggering it.
Deutsche Telekom also confirmed that its logs show active attacks underway.
"We are observing attacks in our honeypot infrastructure coming from the TOR network."
Mitigation details can be found at the link below. Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for more updates.
Read More
Lunasec reports...
A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short (CVE-2021-44228 just isn't as memorable).
A proof of concept was shared on GitHub, alongside screenshots demonstrating iCloud's exposure.
Another proof of concept uses a change of your iPhone name to demonstrate the vulnerability. Lunasec notes that this only shows the vulnerability exists on iPhones but at this time there is no known remote method of triggering it.
Deutsche Telekom also confirmed that its logs show active attacks underway.
"We are observing attacks in our honeypot infrastructure coming from the TOR network."
Mitigation details can be found at the link below. Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for more updates.
Read More