© Digital Journal
The Log4j (CVE-2021-44228) bug is considered a major global vulnerability by security analysts. The bug relates to a Java logging function on servers. It allows attackers to take remote control of servers and client home computers.
In terms of user demographics, this logging function is pretty much universal, and is also used by governments and corporations. Equally problematic, the bug is also directly related to the ubiquitous and highly regarded open-source Apache suite of servers.
It’s big enough to be called “a threat to the internet” by NSA cybersecurity director Rob Joyce. Exploit code was posted online, adding more possible actors and more risks.
It’s also apparently enough of a problem for Microsoft, Apple, and Valve not to respond to media inquiries just yet. Traditionally, this uncharacteristic reticence means “we’re working on it”.
A very unkind first hit for this bug was on the big gaming site, Minecraft. To access Minecraft, all hackers had to do was post in a chatbox. The logging process presumably did the rest. Minecraft has since provided a fix.
(Ars Technica cites the fix as requiring a manual install.)
The bigger…