
What Is The Whole Controversy Of Log4Shell

This article is a deep dive into the Log4Shell vulnerability and expert suggestions on how to mitigate it.


On the 10th of December, the tech industry was taken by storm when it was discovered that the popular Java logging library Log4j (all versions between 2.0 and 2.14.1) is vulnerable to the remote code execution flaw CVE-2021-44228. The library helps developers keep track of changes in the applications they build, for example by writing them to text files. The Log4Shell 0-day vulnerability was first noticed in Minecraft; given how ubiquitous the Log4j library is, it has far-reaching consequences, rendering millions of applications vulnerable to attack. Attackers can exploit the vulnerability to take control of a vulnerable system from a remote server.

According to Candid Wuest, Acronis VP of Cyber Protection Research:

“The Log4shell vulnerability in Log4j is definitely in the top-5 most severe vulnerabilities of the last decade, one that allows for remote code execution (RCE). It compares to the EternalBlue used by WannaCry, or the ShellShock Bash vulnerability. What makes it so serious is how simple it is to exploit it remotely, as well as the huge number of applications using it. In addition, it also takes longer to patch – as it’s not just one vulnerable software that can be updated, but rather a library that’s included in many applications, resulting in many different updates that need to be installed.” 

Any application that uses the Java logging library is at risk due to the vulnerability, including cloud applications like Steam, Apple iCloud, etc. Additionally, according to a Lunasec researcher, simply changing an iPhone’s name can trigger the vulnerability in Apple’s servers. Candid Wuest has further said that the list of affected applications is still growing, as companies complete their analysis – affected applications already include Minecraft, Blender, LinkedIn, VMware and many more. 

The vulnerability can lead to:

  • Anything from service disruption to malware being executed
  • Data breaches
  • Exfiltration of sensitive data
  • Initial access to systems

An increase in these attacks could lead to a hike in data breaches and to new computers being added to botnets for future attacks. According to experts, the vulnerability can enable attackers to take over Java-based web servers and carry out remote code execution (RCE) attacks, which they may use to take control of affected systems. As the industry scrambles to mitigate the vulnerability, Chris Goettl, Vice President of Product Management at Ivanti, has mentioned some effective measures that can be adopted:

“As far as how organisations should be looking to resolve this vulnerability, that is a bit more tricky. Normally, an organisation would rely on code scanners to identify the vulnerable code component or library. In this case, code scanners are still racing to catch up and properly detect the vulnerable library. For products already released to the market, an organisation would rely on its network vulnerability scanning to identify vulnerable software, but those scanners are having trouble consistently detecting the vulnerability as they have to try and send a properly formed message and monitor the logs for results, which may not consistently show up. The best guidance is to continue to rely on your DevSecOps processes and vulnerability scanning and supplement this with more direct action as there will likely be gaps for some time in detection. 

There are a few sources gathering lists of KB articles, security advisories, and mitigation guidance by vendors. Your organisation should assess the vendors in your environment, determine if they have provided guidance, and take those actions immediately.” 

Furthermore, the Apache Foundation has updated Log4j to version 2.15.0, released on December 6, 2021, to address the vulnerability. As that update did not fully address the vulnerability, the Apache Foundation released version 2.16.0, which eradicates the vulnerability completely. The upgrade adds to development teams' backlogs, as they must update the sections of their codebases that handle logging. Companies must update their systems as soon as possible in order to avoid malicious attacks on their software.
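As a supplement to the scanner gaps described in the quote above, the following added example (not code from the article, Apache or any vendor) inventories log4j-core copies inside an application archive, including nested JARs, and classifies each against the version ranges this article gives. The function names, the status labels and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Version ranges as the article states them: 2.0-2.14.1 vulnerable, 2.15.0 incomplete, 2.16.0 fixed.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def classify(version):
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return "unknown"
    v = tuple(int(x or 0) for x in m.groups())
    if v < (2, 0, 0):
        return "not-in-range"  # e.g. Log4j 1.x, outside the range the article gives
    if v <= (2, 14, 1):
        return "vulnerable"
    return "incomplete-fix" if v < (2, 16, 0) else "fixed"

def scan_archive(data, path, depth=0, max_depth=4):
    """Find log4j-core (by Maven metadata or JndiLookup class) in an archive and nested JAR/WAR/EARs."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else None
            findings.append((path, version, classify(version), JNDI_CLASS in names))
        if depth < max_depth:  # bound recursion into nested archives
            for name in sorted(names):
                if name.lower().endswith((".jar", ".war", ".ear")):
                    findings += scan_archive(zf.read(name), f"{path}!/{name}", depth + 1, max_depth)
    return findings

def make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def constructed_sample():
    """Constructed input: an app JAR bundling log4j-core 2.14.1 as a nested JAR."""
    inner = make_jar({POM_PROPS: "version=2.14.1\n", JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    return make_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": inner, "app/Main.class": b""})
```

Each finding is a tuple of archive path, version from the Maven metadata (or `None`), status, and whether the JndiLookup class is present; a copy with no metadata is reported as `unknown` and needs manual review.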


Abhishree Choudhary

Abhishree is a budding tech journalist with a UGD in Political Science. In her free time, Abhishree can be found watching French new wave classic films and playing with dogs.