The danger index is 10 out of 10, according to the Apache Software Foundation
A new zero-day vulnerability, which affects the security of software log4j and has been called Log4Shell. The peculiarity of this attack is its magnitude, since it is used by millions of companies and digital services such as Steam, Minecraft and Apple iCloud.
Apache Log4j is a open source library and it serves for monitor activity in applications that belong to the Java programming language. It is not a function known to users, but it is a tool used by developers.
Attack on Minecraft
This failure has caused an attack that has affected the servers of Minecraft, which have been hacked with a simple message in the game’s chat.
In this type of attack, the hacker only has to send a malicious code that, if the device is Log4j in version 2.0 or higher, it gives direct access to the system, and you can execute the code remotely. Therefore, this allows the attacker to control the system and steal data.
Solve the problem
The Apache Software Foundation itself has rated the vulnerability with a Hazard rating of 10 out of 10.
On Friday, December 10, the three developers achieved tackle the problem and openly shared the patches that allow upgrade systems to prevent them from affecting your services. This Tuesday, they have published a new version to try to fix the problem. However, the failure is expected to take a long time to fully resolve.
From the Infrastructure Security and Cybersecurity Agency (CISA) of the United States, have assured that an effort will be necessary on the part of the organizations to recover security.