A critical flaw discovered in software used in millions of devices across the world has cybersecurity experts worried.The vulnerability is in Java-based software known as “Log4j” that many software developers use to configure their applications. Its widespread use makes it a widespread problem.
UNSW Sydney Professor Salil Kanhere explained that “almost every bit of software we use will keep records of errors and other important events” - known as logs.
“Rather than creating their own logging system, many software developers use the open-source Log4j, making it one of the most common logging frameworks in the world,” he told 7NEWS.com.au.
“Attackers can trick Log4j into running malicious code by forcing it to store a log entry that includes a particular string of text.”
Extract from the 7News article, read in full here.