
Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms

The Apache log4j vulnerability can potentially be used by threat actors to hack into Steam, Twitter, and other services (Image source: Panda Security)
A zero-day exploit was recently identified within the Apache log4j logging library, which can potentially be used by hackers to take over entire servers via logging messages. The vulnerability affects a number of online services, from Steam and Twitter to Amazon and Minecraft, among others.

Cybersecurity researchers recently uncovered an extremely severe zero-day vulnerability in the Apache log4j logging library. The exploit can be used by hackers to take complete control of devices and servers running everything from iCloud and Amazon to Twitter and Minecraft: Java Edition.

The Apache log4j vulnerability is severe enough that proof-of-concept attacks were able to run straight from in-game chat in Minecraft: Java Edition. Apart from Minecraft, though, the real concern is the sheer number of popular apps and services that use Apache log4j. Platforms like Twitter are vulnerable, alongside Steam and many others.

Fortunately, the 2.15.0 version of Apache log4j features a simple patch to mitigate the vulnerability. The patch changes the value of log4j2.formatMsgNoLookups from "false" to "true," preventing the exploit from being used. Servers without the log4j update, however, remain vulnerable. 
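For administrators checking their own servers, the sketch below is an added example (not code from Apache or from this article) that sorts log4j-core jars by the two conditions described above: the 2.15.0 release and the log4j2.formatMsgNoLookups setting. The status names, the file-name pattern and the sample paths are assumptions, and the 2.10.0 floor for the property comes from Apache's guidance rather than from this article.

```python
import re
from pathlib import Path

PATCHED = (2, 15, 0)     # release the article names as carrying the fix
FLAG_SINCE = (2, 10, 0)  # property is only honoured from 2.10.0 on (not stated in the article)
FLAG = "-Dlog4j2.formatMsgNoLookups="
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?\.jar$")


def jar_version(path):
    """Parse (major, minor, patch) from a log4j-core jar file name, else None."""
    m = JAR_RE.search(str(path))
    return tuple(int(g or 0) for g in m.groups()) if m else None


def flag_enabled(jvm_args):
    """True if the JVM arguments set log4j2.formatMsgNoLookups to true."""
    value = None
    for arg in jvm_args:
        if arg.startswith(FLAG):
            value = arg[len(FLAG):]  # a later -D overrides an earlier one
    return value is not None and value.lower() == "true"


def classify(path, jvm_args=()):
    """Return a status label (names are this example's own) for one jar."""
    version = jar_version(path)
    if version is None:
        return "unrecognised"
    if version >= PATCHED:
        return "patched"
    if version >= FLAG_SINCE and flag_enabled(jvm_args):
        return "mitigated-by-flag"
    return "needs-upgrade"


def scan(root, jvm_args=()):
    """Classify every log4j-core jar found below a directory."""
    return {str(p): classify(p, jvm_args)
            for p in sorted(Path(root).rglob("log4j-core-*.jar"))}


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    args = ["-Xmx2g", "-Dlog4j2.formatMsgNoLookups=true"]
    for jar in ["lib/log4j-core-2.14.1.jar", "lib/log4j-core-2.15.0.jar",
                "lib/log4j-core-2.8.2.jar"]:
        print(jar, "| no flag:", classify(jar), "| with flag:", classify(jar, args))
```

Matching on file names misses copies of log4j-core bundled inside other archives, so a clean result is a starting point rather than proof that a server is unaffected.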

Hackers around the world have been quick to jump on the exploit. Global cybersecurity watchdogs like CERT report that the zero-day is being exploited, with hackers actively on the lookout for servers that haven't upgraded to Apache log4j version 2.15.0. 

Arjun Krishna Lal - Tech Writer - 600 articles published on Notebookcheck since 2019
I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. Apart from working as an editor at Notebookcheck, I write for outlets including TechSpot and Gamingbolt. I’m the Director of Content at Flying V Group, one of the top 5 digital marketing agencies in Orange County. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.
Arjun Krishna Lal, 2021-12-12 (Update: 2021-12-13)