The government of the US has had to issue warnings due to a serious flaw found in the Log4j.
Some major global companies are now under a lot of pressure to fix this vulnerability which is one of the most serious software flaws in recent memory.
Major Flaw Detected In Log4j; One Of The Biggest Yet!
This flaw allows hackers easy access to computer systems and it comes from a vulnerability in Log4j, which is a widely used Java-based logging library developed by the Apache Software Foundation.
Multiple services, such as Apple iCloud, popular gaming service Steam, and online game Minecraft use Log4j, which makes it all the more dangerous.
Let’s look at what Log4j is – Log4j is an open-source software, and it is maintained by a group of volunteer programmers as a part of the Apache Software Foundation and is a key Java-logging framework. It is used by a lot of applications, that developers can employ into applications to monitor, or ‘log’, which in turn helps programmers debug software.
Major Companies Under Pressure To Fix Flaws
As per reports, the initial exploitation was detected on December 2, before a patch was introduced a few days later. In a security advisory, Apache has stated that the issue was first publicly announced by a security researcher working with Chinese technology company Alibaba Group Holding Ltd.
As per reports, advisories have been published about the flaw by Microsoft Corp and Cisco Inc. Software developers have also released a fix late last week; however, a solution for this depends on thousands of companies putting the fix in place before it is exploited.
Oracle has also issued a patch for the flaw, stating, “Due to the severity of this vulnerability and the publication of exploit code on various sites, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”
AWS has also announced that it is working on the patchwork for its services that use Log4j and has also released mitigations for services like CloudFront.
IBM has also confirmed it is “actively responding” to the software bug across its infrastructure and its products. As per the company, Websphere 8.5 and 9.0 are vulnerable.