The Log4Shell security flaw allowed hackers to break into millions of devices on the internet and execute malicious code. Specifically, when a server is compromised, an attacker can install malware on it and infect millions of other devices.
Log4Shell is said to have hit millions of devices
ABC NEWS screen capture
Log4Shell is found in log4j – an open source application log function and is commonly used for error tracking. Most security systems today have such a log, and log4j (released by Apache) is one of the most popular choices.
Looking at Log4Shell, security researcher Marcus Hutchins – who stopped the global WannaCry attack – affirmed that this is an alarming vulnerability with the same severity as WannaCry, and identified iCloud. , Steam and Minecraft fell victim.
Not long after this vulnerability was discovered, Apache quickly updated the open source log4j to completely patch the vulnerability. However, damages caused by Log4Shell have yet to be disclosed.