Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms

The Apache log4j vulnerability can potentially be used by threat actors to hack into Steam, Twitter, and other services (Image source: Panda Security)

A zero-day exploit was recently identified within the Apache log4j logging library, which can potentially be used by hackers to take over entire servers via logging messages. The vulnerability affects a number of online services, from Steam and Twitter to Amazon and Minecraft, among others.

Arjun Krishna Lal, Published 12/12/2021 🇮🇹 🇪🇸 ...

Cybersecurity researchers recently uncovered an extremely severe zero-day vulnerability in the Apache log4j logging library. The exploit can be used by hackers to take complete control of devices and servers running everything from iCloud and Amazon to Twitter and Minecraft: Java Edition.

The Apache log4j vulnerability is severe enough that proof-of-concept attacks were able to run straight from in-game chat in Minecraft: Java Edition. Apart from Minecraft, though, the real concern is the sheer number of popular apps and services that use Apache log4j. Platforms like Twitter and vulnerable, alongside Steam and many others.

Fortunately, the 2.15.0 version of Apache log4j features a simple patch to mitigate the vulnerability. The patch changes the value of log4j2.formatMsgNoLookups from "false" to "true," preventing the exploit from being used. Servers without the log4j update, however, remain vulnerable.

Hackers around the world have been quick to jump on the exploit. Global cybersecurity watchdogs like CERT report that the zero-day is being exploited, with hackers actively on the lookout for servers that haven't upgraded to Apache log4j version 2.15.0.

Check out this offer for McAfee Total Protection 2022 on Amazon.

Source(s)

PC Magazine

3rd-gen EPYC is virtually available now. (Source: AMD)

Amazon releases its latest virtual cloud servers based on third-gen EPYC processors 02/17/2022

A team of researchers has developed a malware detection system for Raspberry Pi. (Image source: Jainath Ponnala via Unsplash)

Researchers build novel malware detection system for Raspberry Pi 01/13/2022

F-Secure found that Ellume at-home COVID-19 tests were hackable via Bluetooth, allowing you to falsify your test result. (Image source: Roman Wimmers on Unsplash)

Researcher reveals that some at-home COVID-19 tests could be hacked using Bluetooth 12/22/2021

Meta has accused several surveillance companies of hacking and other data abuses. (Image source: Pexels via Pixabay)

Meta calls out private surveillance companies for attempting to hack around 50,000 accounts 12/19/2021

Apple has deleted all references to its CSAM initiative. (Image source: Jeremy Bezanger)

Apple pulls controversial CSAM plans to scan the Photos app in iOS and iPadOS for nude pictures of children from its website 12/16/2021

According to a security researcher, Apple's iOS 15 includes several critical security flaws (Image: Apple)

Apple's iOS 15 update supposedly includes several zero-day exploits despite security expert's warning 09/25/2021

Zoom zero-day vulnerabilities are being auctioned for up to US$500,000 04/16/2020

The older 0-day exploit allows hackers to gain full control of the affected smartphone through pieces of code hidden in an untrusted app. (Source: Portal GDA)

Older zero-day Android exploit still affects Google Pixel, Samsung Galaxy and other handhelds 10/04/2019

Windows 10 still has enough security breaches, and Microsoft does not seem to be willing to fix them in a timely manner. (Source: YouTube)

Researcher reveals new zero-day Windows 10 vulnerabilities 05/23/2019

Loading Comments

Comment on this article

KnowU and UBand Bio-RFID non-invasi...

Leaked DJI roadmap reveals the Mini...

Arjun Krishna - Tech Writer - 623 articles published on Notebookcheck since 2019

I've had a passion for PC gaming since 1996, when I watched my dad score frags in Quake as a 1 year-old. I've gone on to become a Penguin-published author and tech journalist. Apart from working as an editor at Notebookcheck, I write for outlets including TechSpot and Gamingbolt. I’m the Director of Content at Flying V Group, one of the top 5 digital marketing agencies in Orange County. When I'm not traveling the world, gathering stories for my next book, you can find me tinkering with my PC.

contact me via: Facebook, LinkedIn

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2021 12 > Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms

Arjun Krishna Lal, 2021-12-12 (Update: 2021-12-13)

Apache Log4j zero-day exploit could be used by hackers to target users on Steam, Twitter, Amazon, and other platforms

Source(s)

Related Articles