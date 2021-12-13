Several popular services like twitter, steam, Apple iCloud and Minecraft are vulnerable to Log4Shell attacks, which affects the open source logging tool Log4j. LunaSec company first identified the vulnerability in Microsoft’s block game, but warned that any service that uses Apache Log4j could suffer from cyber attacks.

Until the moment, Amazon, Apple, Twitter, Steam, tencent, NetEase, elastic and Baidu have already identified the vulnerability in their systems. However, thousands of smaller companies and services may be on this list without even knowing it.

Hackers are looking for servers vulnerable to exploit

Monitoring and data security agencies have already identified at least 100 distinct domains that are actively seeking out servers vulnerable to attack via Log4j.

As it is an open source tool, it is extremely useful not only for large companies affected, but especially small developers looking for efficient and affordable solutions.

As such, virtually every Java-based service has the registration tool, but not every developer can be able to create a security response as fast as the Mojang, for example.

The Swedish game developer has already released the 1.18.1 update for Minecraft: Java Edition which fixes the problem. Apple, Amazon and other affected giants are already working to fix the security hole.

Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition. The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf — Minecraft (@Minecraft) December 10, 2021

According Kayla Underkoffler, technologist of HackerOne, virtually “the entire digital infrastructure of today depends on open source tools, with an average application using more than 500 open source components.” Also according to Underkoffler, most of the vulnerabilities discovered in 2020 were already present in the code for at least 2 years.

The advantage of using such tools is that it democratizes independent development and reduces operational costs. However, just as the development community has access to the code, so do malicious users, and most small businesses don’t have the means to identify and fix any flaws quickly enough.