Log4Shell, a significant security hole in Log4j, an open-source logging software used in everything from online games to enterprise applications and cloud data centers, has security experts all around the world scurrying to repair it. Because of its widespread use, the internet has been on high alert as hackers increase their efforts to target weak systems.
Log4Shell is a zero-day vulnerability that allows attackers to remotely run code on susceptible servers running Log4j, which developers use to keep track of what’s occurring inside an application while it runs. The flaw is identified as CVE-2021-44228. It has a severity level of 10.0, indicating that attackers can remotely take complete control of a susceptible system over the internet without the victim’s knowledge – and it doesn’t take much talent to do so.
“Earliest evidence we’ve found so far of #Log4j exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before [it was] publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure.”Matthew Prince, Cloudflare co-founder, and CEO
The growing number of victims since the news of Log4Shell initially surfaced shows that the issue has compromised thousands of big-name companies and services. According to a GitHub list that is updated regularly, Apple, Amazon, Baidu, Google, IBM, Tesla, Twitter, and Steam are affected. Separately, VMware issued an advisory warning to consumers that several of its devices are vulnerable, while Cisco verified that the problem affects some of its products.