Critical Vulnerability: Vulnerability in Widely Used Open Source Software is Discovered

By Cameron Abbott, Rob Pulham, Max Evans and Ella Krygier

A critical security vulnerability has been discovered in Apache Log4j, an open-source logging library used by many popular Java applications to provide logging functionality for troubleshooting purposes, according to the Australian Cyber Security Centre (ACSC).

The vulnerability, known as Log4Shell, allows remote code execution: if left unpatched, it could let cybercriminals take control of IT systems, steal personal data, passwords and files, and install backdoors for future access, simply by adding a single line of arbitrary code. According to the ACSC, malicious cyber actors have used this vulnerability to target and compromise IT systems globally and in Australia, which led the ACSC to publish mitigation and detection advice.

The Apache Software Foundation, which maintains Log4j, has released a security fix for organisations to apply. The ACSC has recommended that all organisations that use Log4j update to the most recent version of the software and follow the issued recommendations to protect their systems against malicious attacks.
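A defender-side inventory check for the update the ACSC recommends, as an added example that is not part of the original post: it walks a directory tree, reads the manifest version of every log4j-core JAR it finds, and flags anything below an assumed fix threshold (2.17.1 here, for the mainline 2.x branch; replace it with whatever your patch policy requires). The sample JARs it builds are constructed for the demonstration.

```python
import os
import re
import tempfile
import zipfile

# Assumed threshold for the mainline 2.x branch; older fixed branches need their own.
FIXED_VERSION = "2.17.1"
JAR_NAME = re.compile(r"^log4j-core-.*\.jar$", re.IGNORECASE)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); non-numeric suffixes such as '-rc1' are dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def manifest_version(jar_path):
    """Return Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    with zipfile.ZipFile(jar_path) as jar:
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    for line in manifest.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Implementation-Version":
            return value.strip()
    return None


def scan_tree(root, fixed=FIXED_VERSION):
    """Yield (path, version, needs_update) for every log4j-core JAR under root.

    A JAR with no readable version is flagged too: unknown is not safe."""
    floor = parse_version(fixed)
    for dirpath, _, files in os.walk(root):
        for name in files:
            if JAR_NAME.match(name):
                path = os.path.join(dirpath, name)
                version = manifest_version(path)
                yield path, version, version is None or parse_version(version) < floor


def demo():
    """Build two constructed sample JARs in a temp dir and return the scan results."""
    root = tempfile.mkdtemp()
    for version in ("2.14.1", "2.17.1"):
        with zipfile.ZipFile(os.path.join(root, f"log4j-core-{version}.jar"), "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF",
                         f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
    return sorted((os.path.basename(p), v, flag) for p, v, flag in scan_tree(root))


if __name__ == "__main__":
    for name, version, flag in demo():
        print(f"{name}: version={version} needs_update={flag}")
```

Point `scan_tree` at an application's install or deployment directory to list the JARs that still need the upgrade; nested JARs inside WAR or EAR archives are not unpacked by this check.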

This again highlights the need for organisations to keep monitoring for and applying critical security patches to protect their systems and data, even (and perhaps especially) as we head into the holiday season and people’s minds naturally wander from all the pressures the last two years have thrown our way.

We will keep you posted on any further updates.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.