Hundreds of millions of devices around the globe are potentially exposed due to a newly discovered vulnerability found in Java-based software. A senior cyber official from the Biden administration has warned major US industries that they need to take action against one of the most serious flaws observed in history.
The vulnerability was found in software known as “Log4j” which is commonly used by some of the world’s biggest tech firms to log information on their applications. This security flaw allows easy access to an organization’s server. From there, a hacker can easily break into an organization’s network.
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency said:
This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious. We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.
Cybersecurity experts have said that it could take weeks to address the vulnerability and suspected Chinese hackers are already attempting to exploit it.
The creator of Log4j software, The Apache Software Foundation, has released a security fix for organizations to apply. Major companies including Amazon and IBM are already working on addressing the bug in their products.
