- A ‘fully weaponised’ software flaw that easily allows criminals to steal personal data, plant malicious software or hijack credit card details is the biggest threat in the history of modern computing, experts have warned.
- The ‘Log4Shell’ glitch, first discovered by users of the wildly popular online game Minecraft, allows another user to seize control of a device and execute programmes without the owner’s consent.
- Online services used by millions including Netflix, Amazon, Uber and LinkedIn and cloud-based services such as Apple iCloud, Android OS, Google Documents and more are all understood to be under threat from the software bug.
Experts have warned that the worst threat in the history of modern computing is a ‘completely weaponized’ software weakness that allows attackers to effortlessly steal personal data, plant malicious software, or hijack credit card numbers as reported by Mail Online.
A glitch
The ‘Log4Shell’ glitch, first discovered by users of the wildly popular online game Minecraft, allows another user to seize control of a device and execute programmes without the owner’s consent.
Online services used by millions including Netflix, Amazon, Uber and LinkedIn and cloud-based services such as Apple iCloud, Android OS, Google Documents and more are all understood to be under threat from the software bug.
The flaw discovered within the programming language Java, which has tech experts scrambling for a quick fix, may be the worst computer vulnerability discovered in years.
‘The internet´s on fire right now,’ said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.
‘People are scrambling to patch,’ he said, ‘and all kinds of people scrambling to exploit it.’
He said Friday morning that in the 12 hours since the bug’s existence was disclosed that it had been ‘fully weaponized,’ meaning malefactors had developed and distributed tools to exploit it.
Java remains one of the world’s most popular programming languages and is used to create functions within an app or system.
It’s still used to this day, either for backend services to user development interfaces, in some of the world’s most popular applications or online services, including Netflix, Amazon, Google and Android OS, Spotify, LinkedIn and Uber.
Vulnerable exploit
With the ‘Log4Shell’ bug, hackers can take full control of an external server, without authentication, with relative ease.
‘I would be hard-pressed to think of a company that´s not at risk,’ said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors.
‘Log4Shell’ was uncovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government.
Until it is resolved, criminals, spies and programming novices alike are granted easy access to internal networks where they can steal valuable data, plant malware, erase crucial information and much more.
Untold millions of servers have it installed, and experts said the fallout would not be known for several days. Amazon, Twitter and Apple’s iCloud are understood to be ‘vulnerable’ to the exploit.
Did you subscribe to our newsletter?
It’s free! Click here to subscribe!
Source: Mail Online
