In what may be seen as a great danger for internet users, experts have found a software flaw, called 'Log4Shell', which may be the worst computer vulnerability in a decade. Experts have said that the flaw poses a serious threat to organizations across the globe, because the affected software tool is so widely used. They recently unearthed the flaw in an open-source logging tool used in cloud servers. That tool, Log4j, is enterprise software used by many different industries and government institutions.
Experts have explained that the critical vulnerability in the tool could pose a serious threat to organizations and create trouble for the global market in the coming days. Unless fixed, the flaw would allow miscreants to easily access an organization's internal networks, to steal valuable data, and to delete crucial information. It may be noted that some miscreants hacked the website of the Brazilian Health Ministry a couple of days ago and deleted important information about the Latin American country's COVID-19 vaccination drive.
Apart from criminals, spies and programming novices could also take advantage of this software flaw to trigger a crisis for the industrial sector. Adam Meyers, Senior Vice President of Intelligence at the cybersecurity firm CrowdStrike, has expressed serious concern over the flaw, saying that the internet is on fire because of Log4Shell. "People are scrambling to patch and all kinds of people scrambling to exploit it," he stressed. Meyers also said that anyone could exploit the flaw to get full access to an unpatched computer, and that the software is already installed on millions of servers.
Experts are deeply worried because Log4Shell has the potential to let hackers compromise millions of devices across the internet. Security researcher Marcus Hutchins stressed that the flaw could easily affect online applications. "Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string," he wrote on Twitter.
Cloudflare CTO John Graham-Cumming believes that it is a very serious vulnerability mainly because of the widespread use of Java and the Log4j package. Because a tremendous amount of Java software is already connected to the internet and to back-end systems, it has become difficult to stop the misuse of Log4Shell. According to Graham-Cumming, only two flaws from the past 10 years compare with it: Heartbleed, which allowed one to obtain information from servers that should have been secure, and Shellshock, which allowed one to run code on a remote machine. Log4Shell, however, may pose a greater threat to internet users than either.
Meanwhile, Chinese tech giant Alibaba has claimed that its staff located the flaw in open-source Apache software on November 24, and that it was then fixed within a couple of weeks. According to a senior Alibaba official, Alibaba, like other tech companies in the world, uses the Apache software to run its website, so all such websites have become vulnerable because of this flaw. The official further said that fixing the problem across the various affected systems was a really complicated task.