What’s in News
- A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered. The vulnerability is based on an open-source logging library used in most applications by enterprises and even government agencies.
- The term open source refers to something people can modify and share because its design is publicly accessible.
- Log4j is an important Java-logging framework that is open-source software maintained by a group of volunteer programmers .
- The Log4j library is incorporated in every Java-based online service or application and is used by a variety of businesses to provide application logging. Java is one of the world’s most popular programming languages.
- The vulnerability grants hackers access to an application, and could potentially let them run malicious software on a device or servers.
- The vulnerability is dubbed Log4Shell and is officially CVE-2021-44228 (CVE number is the unique number given to each vulnerability discovered across the world).
- The problem impacts Log4j 2 versions which is a very common logging library used by applications across the world. Logging lets developers see all the activity of an application. Tech companies such as Apple, Microsoft, Google all rely on this open-source library.
- The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.
- The process of storing application events is known as application logging. It differs from conventional event logs in IT systems in that the information gathered by an application event log is mandated by the programme itself, rather than the operating system. They aid in providing visibility into how our apps perform on each of the infrastructure components. Out of memory exceptions and hard drive errors are examples of log data.
Why the worry
- Security experts have rated Log4Shell a severity rating of 10, the maximum degree conceivable.
- The flaw might allow a hacker to gain control of a system.
- A simple log entry might wind up being a malware installation event as a single line of code may be used to exploit the vulnerability, allowing attackers to execute remote instructions on a victim’s PC.
- Attackers can use it to take control of any Java-based web server and launch Remote Code Execution (RCE) attacks. In an RCE attack, the attackers get complete control of the targeted system and may execute any function they choose.
The extent of impact
- In India, approximately 41% of business networks in India have previously been subjected to an attempted attack.
- Because they deploy Java-based apps, Indian enterprises are not more vulnerable than their Western counterparts. Because of their inadequate security posture, Indian enterprises are at great danger, particularly smaller companies that may lack the know-how or resources to detect and resolve the issue fast.
What is a zero-day vulnerability and is log4j one of this kind?
- A 0day (or zero-day vulnerability) refers to a security flaw which has not been publicly disclosed and for which a software patch or remediation technique is not available.
- Considering that attempts at exploiting Log4Shell were observed at least a week prior to it being publicly disclosed, it could be said that it was a 0day vulnerability.