The list of services whose internet infrastructure is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is huge and reads like a who’s who of the biggest names on the internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu.
The vulnerability, now known as Log4Shell, was exposed on Thursday afternoon when several Minecraft news services and sites warned of the active circulation of attack code that exploited the vulnerability to execute malicious code on servers and clients running the world’s best-selling game. Soon it became clear that Minecraft was just one of thousands of big-name services that could be brought down by similar attacks.
A compilation of screenshots posted online documents how some of the world’s most popular and trusted cloud services react when they receive the parameters used in the attack.
The images use a Domain Name System leak detection service called dnslog.cn to see if the target cloud service is performing a DNS lookup. Each image shows that the service accepts connections from a machine controlled by an attacker (as evidenced by the IP connection log).
“Normally, typing something in a username box should never establish an external network connection, so the fact that it does proves that Log4j is being used here and therefore the server may be vulnerable to the remote code execution attack,” Ars reader skizzerz explained in the comments below.
While the images show the services responding in unintended and potentially dangerous ways to user input, the services are not automatically vulnerable to the types of code execution attacks that have compromised Minecraft servers. This is because these services usually have multiple layers of defense. If one layer fails, additional layers are often available to reduce or completely eliminate any actual damage.
Then again, the images demonstrate that unauthorized people can exploit Log4Shell to gain access to the servers of some of the world’s most powerful companies in ways they never envisioned. When asked about access to Apple’s servers, Malwarebytes director of Mac offerings Thomas Reed said: services as we speak. Apple officials did not respond to an email seeking comment.
Cloudflare, meanwhile, said in a post that it has taken steps to block attacks on its network and against its customers. Cloudflare chief security officer Joe Sullivan said his team was unable to replicate the behavior shown in the image and did not recognize the displayed IP addresses.
Minecraft rolled out a patch on Friday.
The bottom line is that it is too early now to say that these services are not vulnerable. For now, people should remain wary and wait for advice from affected providers.