A vulnerability in the Java Apache Log4j library has been discovered and may be used to attack popular services, including Microsoft Minecraft, Valve Steam and Apple iCloud, among others.
The vulnerability, titled CVE-2021-44228 is considered a zero-day flaw and found in the library Log4j. The exploit is such that the attacker will have control over the servers and can perform code execution remotely.
Currently, companies are looking for ways to patch the exploit, including patches and assessing how it might impact their business.
CERT New Zealand has reported that the vulnerability is being used, with proof of concepts appearing on GitHub. Other Java versions, 11.0.1, 8u191, 7u201 and 6u211 are less affected but there’s also a chance it could be intruded.
Apple was alerted to the vulnerability existing on its iCloud platform, with security researchers claiming they were able to hack into the library successfully. In the meantime, major tech companies are currently working to patch the vulnerability.