Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms
Cybersecurity researchers recently uncovered an extremely severe zero-day vulnerability in the Apache log4j logging library. The exploit can be used by hackers to take complete control of devices and servers running everything from iCloud and Amazon to Twitter and Minecraft: Java Edition.
The Apache log4j vulnerability is severe enough that proof-of-concept attacks were able to run straight from in-game chat in Minecraft: Java Edition. Apart from Minecraft, though, the real concern is the sheer number of popular apps and services that use Apache log4j. Platforms like Twitter are vulnerable, alongside Steam and many others.
Fortunately, the 2.15.0 version of Apache log4j features a simple patch to mitigate the vulnerability. The patch changes the value of log4j2.formatMsgNoLookups from "false" to "true," preventing the exploit from being used. Servers without the log4j update, however, remain vulnerable.
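A defender can turn the two conditions above (the log4j-core version and the log4j2.formatMsgNoLookups setting) into a quick inventory check. The following Python sketch is an added example, not code from the article or from the Apache project; the file paths and JVM arguments are constructed samples, the status labels are hypothetical, and the 2.10.0 floor for the property is a fact about Log4j that the article does not state.

```python
import re

PATCHED = (2, 15, 0)   # release the article names as carrying the fix
PROP_MIN = (2, 10, 0)  # first release that honours the property (not stated in the article)

# Matches e.g. log4j-core-2.14.1.jar or log4j-core-2.0-beta9.jar at the end of a path.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/\\]*\.jar$")
PROP_RE = re.compile(r"-Dlog4j2\.formatMsgNoLookups=(\w+)", re.IGNORECASE)


def jar_version(path):
    """Return (major, minor, patch) parsed from a log4j-core jar name, else None."""
    m = JAR_RE.search(path)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def lookups_disabled(jvm_args):
    """True if the last formatMsgNoLookups setting on the command line is 'true'."""
    values = PROP_RE.findall(jvm_args)  # a repeated -D is resolved by the last one
    return bool(values) and values[-1].lower() == "true"


def assess(path, jvm_args=""):
    """Classify one jar against the version and property conditions."""
    version = jar_version(path)
    if version is None:
        return "not-log4j-core"
    if version >= PATCHED:
        return "patched"
    if version >= PROP_MIN and lookups_disabled(jvm_args):
        return "mitigated-by-property"
    return "needs-upgrade"


# Constructed sample inventory: (jar path, JVM arguments of the owning process).
SAMPLE = [
    ("/opt/app/lib/log4j-core-2.14.1.jar", "-Xmx1g"),
    ("/opt/app/lib/log4j-core-2.14.1.jar", "-Xmx1g -Dlog4j2.formatMsgNoLookups=true"),
    ("/srv/game/libraries/log4j-core-2.8.2.jar", "-Dlog4j2.formatMsgNoLookups=true"),
    ("/opt/new/lib/log4j-core-2.15.0.jar", ""),
]

if __name__ == "__main__":
    for jar, args in SAMPLE:
        print(f"{assess(jar, args):22} {jar}  [{args}]")
```

The check only sees jars that keep their standard file name; copies bundled inside other archives need a content-based scan.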
Hackers around the world have been quick to jump on the exploit. Global cybersecurity watchdogs like CERT report that the zero-day is being exploited, with hackers actively on the lookout for servers that haven't upgraded to Apache log4j version 2.15.0.