Log4Shell Java Zero-Day Vulnerability Creates Critical Risk to The Internet

An active zero-day Java vulnerability has impacted widely used software from companies including Amazon, Apple, Tesla, Twitter, and Microsoft. The exploit, which has been named Log4Shell, manipulates the Apache Log4j2 logging tool in a way that can grant the attacker total system takeover. The problem is extremely widespread, as millions of applications use Log4j2. This is a 10 out of 10 in severity.

Put simply, this flaw can be exploited remotely through any vulnerable software that accepts text input.

The Apache Software Foundation released the necessary fixes to mitigate the Log4j2 weakness, but as consumers, we are unfortunately at the mercy of the companies that use the tool in their software. Organizations like Apple and Tesla, with plenty of resources to throw at the problem, have been able to resolve the issue quickly. Smaller companies are likely to take much longer to resolve this issue. So are those that have the Log4j2 tool buried deep in their applications.

PCS is working with vendors to ensure the systems we use to support our clients are safe and secure. We will continue to follow this situation as long as it is ongoing.

For more information, visit this collection of Log4j Security Advisories.

Resources for this story:
thehackernews.com
mitre.org