The same was done with a Tesla car by an unnamed researcher who published his findings on his anonymous Github repository Log4jAttackSurface. Theoretically, a malicious attacker could host malware on a server and rename an iPhone to force Apple’s servers to visit her URL on that server and download the malware. However, well-managed networks are relatively easy to prevent such attacks, so that’s a long way off. Additionally.
Now that the Log4Shell cat is out of the bag, researchers are experimenting with all the different ways the exploit could be used in the wild. This includes his two recent examples of how vulnerabilities in the open source Java tool Log4j can be used in iPhones and Tesla cars to compromise communication between servers and endpoints. Dutch researchers demonstrated how renaming an iPhone to a string forced the other side’s server to access a specific URL.
“We expect the vulnerabilities to be widely exploited by experienced attackers, and we have limited time to take the necessary steps to reduce the potential for damage,” she said. This is tracked as CVE-2021-44228 and allows malicious actors to execute virtually any code. An expert warns that the skill required to exploit this bug is very low, and he urges everyone to patch Log4j as soon as possible. Organizations using Log4j in their software should immediately update to the latest version 2.15 available from Maven Central.
The Verge further explained that there are no indications that such methods could lead to wider compromises of these companies very strong vulnerability. Log4Shell is the name of an exploit recently discovered in the Java tool Log4j, which some researchers believe handles millions of incident logging devices. American film director Jen Easterly. Cybersecurity and Infrastructure Her Security Her Agency (CISA) described the bug as “one of her most serious, if not the most serious,” and that she’s had more than one in her career so far.