Security Alert: Zeroday vulnerability discovered in Java

A vulnerability, baptized Zeroday, was recently discovered in Log4j, a widely used Java logging library. It could allow many hackers to gain full control of affected servers. Tracked as CVE-2021-44228, the vulnerability is already considered very serious: it allows unauthenticated remote code execution as the user running the application that uses the Java logging library.

Systems and services that use the Java logging library Log4j in versions 2.0 through 2.14.1 are all affected, including many services and applications written in Java.

The vulnerability was first discovered in Minecraft, but the researchers warn that cloud applications are also vulnerable. The library is also used in business applications, and it is likely that many products will turn out to have security holes as more is learned about this flaw.

Log4j is incorporated into a number of widely used frameworks, including Apache Struts2, Apache Solr, Apache Druid and Apache Flink. This means that a dizzying number of third-party apps may also be vulnerable to the exploits that have affected Minecraft users, which could paint a particularly dire scenario.

For now, not much is known about the vulnerability. However, one of the first sources provided a tracking identifier, CVE-2021-44228; what is certain is that many companies could already be compromised, even though no one has published official news about it yet.

For the moment, the advice is to pay close attention; for Minecraft users, this means avoiding unknown servers or untrustworthy users. For users of open-source software, it means checking whether the product in use is based on Log4j or Log4j2 before registering.
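
One way to carry out the check suggested above, as an added example (not code from this article or from the Log4j project): it looks inside JAR/WAR/EAR files, including archives nested in fat JARs, for the log4j-core Maven metadata and flags versions in the 2.0 to 2.14.1 range given above. The function names, the sample archive and the version 2.99.0 are constructed for illustration.

```python
import io, re, sys, zipfile
from pathlib import Path

# Affected range as stated in the article: Log4j 2.0 through 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Maven metadata carried by the log4j-core JAR.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(version):
    """Compare numerically; a pre-release such as 2.0-beta9 counts as 2.0."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return AFFECTED_MIN <= tuple(nums + [0] * (3 - len(nums))) <= AFFECTED_MAX

def scan_archive(data, label):
    """Return [(location, version, affected)], descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive
    findings = []
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                version = m.group(1).strip() if m else "unknown"
                # No readable version: flag it so that a person reviews it.
                findings.append((label, version, is_affected(version) if m else True))
            elif name.lower().endswith(ARCHIVES):
                findings += scan_archive(zf.read(name), f"{label}!/{name}")
    return findings

def make_archive(entries):
    """Build a constructed in-memory archive from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def demo():
    """Constructed sample: a fat JAR bundling an in-range and an out-of-range copy."""
    libs = {f"BOOT-INF/lib/log4j-core-{v}.jar": make_archive({POM_PROPS: f"version={v}\n".encode()})
            for v in ("2.14.1", "2.99.0")}  # 2.99.0 is a made-up version for the sample
    return scan_archive(make_archive(libs), "app.jar")

if __name__ == "__main__":
    paths = sys.argv[1:]  # archives to scan; with none given, run the constructed sample
    results = [h for p in paths for h in scan_archive(Path(p).read_bytes(), p)] if paths else demo()
    for loc, ver, bad in results:
        print("AFFECTED" if bad else "ok      ", ver, loc)
```

Copies of the library that were shaded or repackaged without their Maven metadata are not detected by this check.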