On November 24, an Alibaba employee – Chen Zhaojun, discovered a glitch on the Minecraft website. The flaw pertains to a program that lets developers log changes in databases. The vulnerability is called Log4shell, and you probably never heard about it, but it turns out that implications related to it are relevant to all of us.
It didn’t take much time for hackers to start taking advantage of this flaw by stealing data and even taking control over iPhones. The tweet below shows how a hacker was able to change the name of an iPhone remotely.
And it isn’t Apple alone that is in danger. Many other companies have experienced or will experience very shortly even worse hardships. Log4j is an Apache (database manager tool) software that plays a vital role in logging changes in all different sorts of apps. Apache is used by virtually every major e-business company around the world.
By Monday, December 13, A cybersecurity firm reported that in the span of 72 hours, over 800,000 attempted exploits had been executed. The cybersecurity company claimed it was “the most serious vulnerability on the internet in recent years.”
Amazon Web Services could be the most detrimental since millions of websites are hosted there. Amazon Web Services is a vast network of super fast servers that offer many major tech companies worldwide incredibly high computing powers. Thousands of businesses store their application data, such as private user data, including photos, messages, comments, and online activities. Microsoft, IBM, Cisco, Google, and Valve have all found vulnerabilities in their systems and have already taken necessary actions to prevent further damage.
What’s the most dangerous is that the yet unpatched glitch lets hackers control servers remotely with level 1 admin authority control. Hackers, then, will be able to do everything they want with stored data and use high computing power however they want to. We can predict it would be used for password breaking and deciphering modern encryption algorithms used by small websites storing user data and ending up on banks and government services and setting up cryptocurrency mining machines.
Unfortunately, it’s a back-end problem, not a user-front problem. That means that an ordinary computer user cannot do anything to help fix the bug. We can only hope Apache and other tech companies will work together to fix the issue once and for all.
On December 14, 2021, Apache addressed disturbed companies by releasing the latest update, Apache Log4j 2.16.0, and thanking Apache Logging Services Project Management “for working around the clock.” All businesses must update their database software as soon as possible.
Funnily enough, according to experts, the flaw has existed since 2013. It just goes to show how complex computer programs are. I find it incredibly fascinating that such a dangerous flaw existed in open source software unnoticed for over eight years. App developers know that the more intricate the app, the more bugs there are. Sadly the number of vulnerabilities grows exponentially.
Therefore, Log4shell will be fixed for good, like all bugs are. Unfortunately, after patching it, three more will likely appear in its place, and the fight goes on and on. What can we do? What every software company has told us for the last 30 years: “update your software regularly.”
Google, Apple, and Microsoft are always on the watch for new bugs and vulnerabilities to repair. These companies release small software patches every month, even before a given glitch becomes public.
We can split hackers into two camps: those with good and bad intentions. A bad hacker takes advantage of discovered glitches, and a good hacker does the opposite – they attack internal systems and check security systems. Every glitch a good hacker detects is reported and quickly fixed. What’s more, companies often rent hacking services and pay them for discovering bugs.
That’s why these annoying alerts on your computer asking you to update software to the latest version are being released so often. At the end of the day, it’s all about preserving privacy.
sources
Hopefully Apple always reacts super fast to this kinds of vulnerabilities and releases software updates frequently, however there already are many generations of devices that no longer support updates, and this issues will completely remove this devices from existence