Millions of devices are vulnerable to attacks because of a vulnerability in the Log4j logging library. According to The Verge, apps and services keep a record of all the events that happen while they're running, giving them a way to analyze how their program is performing and to figure out what went wrong in case of errors. Log4j is a popular and widely used logging library, and even popular cloud services like Steam and iCloud, as well as apps like Amazon, are vulnerable to attacks exploiting Log4Shell.
Ars Technica says that it came to light after the websites reported the vulnerability. The problem doesn't affect onlyMinecraft. Marcus Hutchins, the security researcher who helped stop the spread of the WannaCry malware, called the vulnerability " extremely bad" since millions of applications use Log4j for logging.
Bad actors could use it to download and run malicious software that would compromise companies' and people's data. It's easy to exploit and could be triggered by posting messages. Hutchins said that attackers were able to execute code remotely by posting a message on the chatbox. Luna Sec said in a post that it is easy to cause a vulnerability in Apple's server.
Log4j has issued a fix for the vulnerability, and affected services have already released patches to protect users. If they can patch their systems, those running their own networks with Log4j may want to do so as well.
