Patch Your Apache Server to Avoid ‘Log4Shell’ Java Exploit
If you’re running a service that relies on Apache Struts or uses the popular Apache Log4j utility we hope you haven’t made plans for the weekend.
There’s a massive Java vulnerability called Log4Shell that has companies worldwide frantically spending their Friday afternoons working on fixes, and Minecraft is one of the many vulnerable Java-using programs.
The specific vulnerability is found in log4j, an open-source logging library used by various apps and services around the internet, including Minecraft servers, Steam, and iCloud, according to LunaSec.
Marcus Hutchins, a well-known security researcher, said, “Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string.”
In the case of Minecraft, attackers have already been actively using the exploit, and several servers were already taken offline. The attackers only need to post chat messages to trigger the vulnerability. According to Minecraft’s team, “This vulnerability poses a potential risk of your computer being compromised.”
If you run a Minecraft server, the game’s official website has a list of steps you need to take to make sure your server is secure.
An update to the log4j library has already been released, but there are tons of applications and people using Java, and it’ll take time before everyone has the update. This vulnerability is dangerous because it is so easy to exploit. As always, make sure everything on your computer is updated to protect yourself from this and other threats.