New zero-day exploit for Log4j Java library is an enterprise nightmare

From bleepingcomputer.com

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks.

Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.

Thus, while home users might have moved on from Java, anything from enterprise software to cloud software such as Apple’s iCloud and Steam is likely vulnerable to RCE exploits targeting this vulnerability.

Read more…