16 Dec 2021 14:35 GMT
Researchers are urging companies to install the latest software update for Apache Log4j, a tool that is widely used in applications and web pages.
A security update intended to fix the software vulnerability in Apache Log4j, an open source logging tool used by a large number of applications and web pages, has introduced new vulnerabilities that hackers could use to attack servers.
The flaw was first discovered last week in a video game called Minecraft, owned by Microsoft. Since all major business applications and servers based on the Java programming language include the affected tool, many services are vulnerable.
Amit Yoran, CEO of the cybersecurity company Tenable, said this is “the biggest and most significant impact of the last decade”, if not the worst in modern computing history.
The security update fixed the issue, but it introduced new vulnerabilities. The cybersecurity company Praetorian reported this Wednesday that the patch “may allow more important data leaks in certain circumstances.” The Apache Log4j developers also said the fix “was incomplete in some non-default settings” and gave hackers the opportunity to launch denial-of-service attacks.
The New Zealand Computer Emergency Response Team (CERT), Deutsche Telekom's CERT (Germany) and the web monitoring service GreyNoise have warned that hackers are actively searching for servers vulnerable to the software flaw.
The original vulnerability is being actively exploited by malicious actors. An assessment cited by the Financial Times counted more than 1.2 million attacks using the Log4j flaw since last Friday.
To address the vulnerability identified as CVE-2021-45046, researchers are urging companies to install the new patch released as version 2.16.0 earlier this week.