We have launched our mobile app, get it now. Call : 9354229384, 9354252518, 9999830584.  

Current Affairs

Log4j vulnerability

Date: 17 December 2021 Tags: Miscellaneous

Issue

Vulnerability has been identified in Log4j logging library, resulting in leakage of sensitive data in some circumstances.

 

Background

The Log4J is used by almost all major Java-based enterprise apps and servers across the industry. 

 

Details

  • Log4J is an open-source logging library, which is used to keep track of all the activity inside an application.

  • It is among the most widely used tools to collect information across corporate computer networks, websites and applications. 

  • The flaw that has been identified can result in cybercriminals executing ‘arbitrary code’ and gain access to a computer system by inputting a string of code into the library.

  • It was found out by researchers at Alibaba first, with Microsoft’s Minecraft also issuing a statement confirming they were also impacted.

 

Implications

  • The vulnerability can result in data theft or unauthorised removal of the data from a device by cybercriminals.

  • Hackers can execute code remotely on a target computer, allowing them to steal data, install malware or take control.

 

Solutions

Cyber experts are suggesting that all customers on Log4j versions 2.15.0 and below need to upgrade to 2.16.0 as quickly as possible.