Protecting Against the Log4j (Log4Shell) Vulnerability – What is it & What Actions Can You Take?

On December 9th, 2021, reports surfaced about a new zero-day vulnerability, termed Log4j (Log4Shell), impacting Minecraft servers. Now, almost one week later, it is clear that countless millions of devices are at risk, and Log4j may rank among the worst vulnerabilities yet seen. 

Since we became aware of Log4j late last week, Morphisec has investigated this emerging threat. We now agree that it poses a significant risk to networks everywhere. Here is a quick rundown of what you need to know about Log4j and what to do about it. 

What is the Log4j Vulnerability: A Critical Vulnerability in a Widely Used Apache Library

The Log4j exploit allows threat actors to take over compromised web-facing servers by feeding them a malicious text string. It exists within Log4j, an open-source Apache library for logging errors and events in Java-based applications. Third-party logging solutions like Log4j are a common way for software developers to log data within an application without building a custom solution. 

In the case of Minecraft, where the Log4Shell exploit first surfaced last week, this malicious string is entered through the chatbox. In other examples, text entered into the username box on web applications, like Apple iCloud, can also
