Adam Kos Last week it was revealed that a security hole in the open-source log4j tool is putting millions of applications used by users around the world at risk. Cyber security experts themselves have described it as the most serious security vulnerability in the last 10 years. And it also concerned Apple, specifically its iCloud.
Log4j is an open-source logging tool widely used by websites and applications. The exposed security hole could therefore be exploited in literally millions of applications. It allows hackers to run malicious code on vulnerable servers and can allegedly also affect platforms such as iCloud or Steam. This, moreover, in a very simple form, which is why it was also awarded a grade of 10 out of 10 with regard to its criticality.
In addition to the dangers posed by the widespread use of Log4j, it is extremely easy for an attacker to use the Log4Shell exploit. He just has to make the application save a special string of characters in the log. Because applications routinely log a wide variety of events, such as messages sent and received by users or details of system errors, this vulnerability is unusually easy to exploit, and can be triggered in many different ways.
It could be interest you
Apple has already responded
According to the company Eclectic Light Company Apple has already fixed this hole in iCloud. The website states that this iCloud vulnerability was still at risk on December 10, while a day later it could no longer be used. The exploit itself does not appear to have involved macOS in any way. But Apple wasn't the only one at risk. Over the weekend, for example, Microsoft fixed its hole in Minecraft.
If you are developers and programmers, you can check out the magazine's pages nakedsecurity, where you will find a fairly comprehensive article discussing the whole issue.
