A new exploit called “Log4Shell” has been giving security teams at large technology companies a headache. When exploited, the vulnerability lets hackers run malicious code on vulnerable servers, and it can reportedly affect platforms such as iCloud and Steam.
As shown in detail by the security company LunaSec, the vulnerability was first found in log4j, an open-source library used by multiple apps and websites for logging, which is the process of keeping a record of activities performed in order to review them later to fix bugs or other errors.
According to security researcher Marcus Hutchins, “Log4Shell” could therefore affect millions of apps all over the world, as the log4j library is widely used by developers. To exploit the vulnerability, hackers simply need to get a special string with specific characters saved in the log. Because applications regularly log a wide range of events, such as messages sent and received by users or details of system errors, the vulnerability is easy to exploit and can be triggered in various ways.