A critical flaw called Log4Shell has been discovered in the Apache Log4j Java-based logging utility which is used worldwide. The vulnerability was being exploited for at least 9 days before it was disclosed to the public, and its use has only gotten worse since then. Log4Shell can allow a hacker to easily execute remote code on services such as Cloudflare, iCloud, AmazonAWS, Tencent QQ, and more.
Tenable said that this is “the single biggest, most critical vulnerability of the last decade,” and the flaw has a CVSS rating of 10, the highest possible score. Anyone with an internet-facing server should act quickly to patch their systems, lest they be used as attack vectors to deliver ransomware, cryptominers, or steal data.
