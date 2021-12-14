Security holes are never welcome, especially when they have a big impact like the new Log4Shell introduces. This flaw is present in a component that many of the major Internet services use.

Its importance is such that there are already several alerts and many are preparing their updates. Log4Shell is compromising security and the solution is available now, everyone should update their apps as soon as possible.





Despite being present in a component that few people know about, the flaw that Log4Shell brings has an impact on almost the entire Internet and on many of the services that exist on it. It is present in Log4j, a Java library dedicated to logging.

Present in services such as iCloud, Steam, Minecraft and many others, it has a vulnerability that allows the attacker to run remote code on these platforms. It is known to be actively being exploited and if it originally focused on mining malware, it has opened up and is now used for much more.

This was yet another flaw discovered almost randomly, but as soon as it was revealed it immediately activated many security experts. Present in Log4j versions 2.0-beta-9 through 2.14.1, it was promptly fixed in version 2.15.0 of this Java library.

With a proof of concept already available, it is evident that it is extremely simple to use. Just a name change on an iPhone can do or a DNS query can cause this problem and thus open the door to attackers.

With many Internet services already working to mitigate this problem, it is important that users follow the instructions given. They must also update the apps of these services to ensure security on all fronts.

With a very high degree of severity, Log4Shell is being described as even worse than the well-known Heartbleed. This flaw in Log4j is taking the Internet by storm and revealing that much of what was considered secure is actually exposed and with serious security issues.