• Log4Shell can hack your iPhone and even a Tesla

    From TechnologyDaily@1337:1/100 to All on Wed Dec 15 14:00:04 2021
    Log4Shell can hack your iPhone and even a Tesla

    Date:
    Wed, 15 Dec 2021 13:48:03 +0000

    Description:
    Log4Shell is quickly turning out to be one of the most dangerous flaws ever discovered

    FULL STORY ======================================================================

    Now that the Log4Shell cat is out of the bag, researchers are experimenting with all the different ways the exploit could be used in the wild.

    This includes two recent examples showing how the vulnerability in the Log4j open-source Java tool could be used on an iPhone, or a Tesla car, to compromise the server communicating with the endpoints.

    A Dutch researcher has demonstrated how changing the iPhone's name to a string of characters could force the server on the other end to try to access a specific URL. The same was done with a Tesla car by an unknown researcher, who posted their results to the anonymous Log4jAttackSurface GitHub repository.

    Growing risks

    Theoretically, a malicious actor could host malware on a server and then, by changing the name of an iPhone, could force Apple's servers to access that server's URL and download the malware.

    It's a long shot though, as any well-maintained network would be able to prevent such an attack with relative ease. What's more, there's no indication such a method could lead to any broader compromise of these firms, The Verge further explained.

    Extremely potent vulnerability

    Log4Shell is the name of a recently discovered exploit in the Log4j Java tool, which some researchers believe handles incident logging on millions of devices.

    Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), described the flaw as one of the most serious she's seen in her entire career, if not the most serious.

    "We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage," Easterly explained.

    It's tracked as CVE-2021-44228, and allows malicious actors to run virtually any code. The skills required to take advantage of the flaw are very low, experts have warned, urging everyone to patch Log4j as fast as they can.

    Organizations using Log4j in their software should upgrade it to the latest 2.15 version immediately, which is available from Maven Central.

    Via: The Verge



    ======================================================================
    Link to news story: https://www.techradar.com/news/log4shell-can-hack-your-iphone-and-even-a-tesla/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)