Steam, Apple iCloud, And Minecraft Vulnerable To Zero-Day Exploit

The 0-day wastweetedon December 9 along with a proof-of-concept (POC) posted onGitHub.

The vulnerability in Apples servers can be triggered by simplychanging an iPhones name.

The issue affects all versions between 2.0-beta-9 and version 2.14.1.

The vulnerability affects all versions between 2.0-beta-9 and version 2.14.1.

Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j2.

An extensive list of responses from impacted organizations has been listedhere.

From Log4j 2.15.0, this behavior has been disabled by default.

Those using Log4j in their software are recommended to upgrade it to the latest 2.15 version immediately.

source: www.techworm.net