Global race to patch critical computer bug


PTI, Dec 11, 2021, 9:26 AM IST

Boston: Security experts around the world raced Friday to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. “I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors.

Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

New Zealand’s computer emergency response team was among the first to report that the flaw in a Java-language utility for Apache servers used to log user activity was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.

The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10, the worst possible. Anyone with the exploit can get full access to an unpatched machine.

“The internet’s on fire right now. People are scrambling to patch and there are script kiddies and all kinds of people scrambling to exploit it,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “In the last 12 hours, it has been fully weaponized.”

The vulnerability in the Apache Software Foundation module was discovered November 24 by the Chinese tech giant Alibaba, the foundation said.

Meyers expected computer emergency response teams to have a busy weekend trying to identify all impacted machines. The hunt is complicated by the fact that affected software can be in programs provided by third parties. The flaw’s exploitation was apparently first discovered in Minecraft, an online game hugely popular with kids and owned by Microsoft.

Meyers and security expert Marcus Hutchins said Minecraft users had already been using it to execute programs on the computers of other users by pasting a short message in a chatbox.

Microsoft said it had issued a software update for Minecraft users and “customers who apply the fix are protected.” Researchers reported finding evidence the vulnerability could be exploited in servers run by companies including Apple, Amazon, Twitter, and Cloudflare.

Cloudflare’s Sullivan said there was no indication his company’s servers had been compromised. Apple, Amazon, and Twitter did not immediately respond to requests for comment.
