Here we go again... (Internet Vulnerability Apache Log4j)

RunningBum said:
The explanation is that the vulnerability allows for a piece of executable code to be triggered by a log. Code like malware. But that malware has to exist on the machine itself. The log vulnerability wouldn't put it there. So they said to take extra care not to click on any suspicious links or download attachments that don't look right or are from untrusted sources. The usual common sense stuff, but more urgent now, perhaps.
Click to expand...

Except (and this is the really bad part) the exploit takes advantage of a Java feature that allows the compromised code to download anything EvilTeam wants and run it as that user, without any action on the user's part. This is kind of like the Pegasus exploit of iMessages in iPhones that allowed remote control of anyone's phone without the user doing anything.

Big issue, because you have no control unless you can block the downloads (or patch).
 
Last edited:
You must log in or register to reply here.

Similar threads

M
Karma? A Chilling Story
Replies
15
Views
1K
EastWest Gal
E
A
Ugh, here we go again.
Replies
2
Views
835
Walt34
Walt34
R
  • Locked
Right to farm law-dealing with idiot city worker
2 3
Replies
67
Views
4K
braumeister
braumeister
SnowballCamper
Why Firecalc isn't good enough (and other comments)
2
Replies
36
Views
4K
Out of Steam
Out of Steam
sengsational
Meditation Resolution
2 3 4
Replies
81
Views
5K
ERD50
E

Latest posts

Back
Top Bottom