Security companies do not stop working. "Thank you" to all those who are always looking for vulnerabilities in business operating systems and services. Because of them, we are becoming more secure and better security measures are implemented. It is true that sometimes these vulnerabilities are exploited for their own benefit, but they are also learned from these. The new one is an exploit that they have called «Log4Shell«. It is able to take advantage of Apple's iCloud weaknesses.
As detailed by the security company LunaSec, the vulnerability was first found in log4j. This is an open source library used by multiple applications and websites for registration. That is, the process of keeping a list of activities performed to review later to find and correct possible errors or other failures. Security expert Marcus Hutchins says that Log4Shell could affect millions of applications around the world. The reason is because the log4j library is widely used by developers. To exploit the vulnerability, hackers must save a special string with specific characters in the registry. Attackers can even activate malicious code via QR codes.
To exploit the vulnerability, an attacker has to make the application save a special string of characters in the registry. Since applications routinely log a wide range of events, such as messages sent and received by users, or details of system errors, the vulnerability it's unusually easy to exploit and it can be triggered in a number of ways.
The first time the exploit was seen to work successfully was in the Minecraft video game. Through chat, discovered vulnerabilities were exploited. Where "Log4Shell" felt comfortable. Security specialists claim that It could also harm Apple's iCloud service.
Although Apple has not officially responded, he sure is working on it.
