A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.
Why does it matter?
Log4j gives software developers a way to build a record of activity to be used for a variety of purposes, such as troubleshooting, auditing and data tracking. Because it is both open-source and free, the library essentially touches every part of the internet. Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon, all run the software. It could present in popular apps and websites, and hundreds of millions of devices around the world that access these services could be exposed to the vulnerability.
Why is this security flaw so bad?
Experts are especially concerned about the vulnerability because hackers can gain easy access to a company’s computer server, giving them entry into other parts of a network. It’s also very hard to find the vulnerability or see if a system has already been compromised