Date: 2021-12-20



New Delhi: Amid a scramble to patch serious security bugs that could affect millions of people on the Internet, Google has said that over 35,000 Java packages, equivalent to 8% or more of the Maven Central repository (the most important Java package repository), are affected by the recently disclosed vulnerabilities, with fallout widespread throughout the software industry.

Cybercriminals have made thousands of attempts to exploit a second vulnerability related to the Java logging system called “Apache log4j2”. According to Google, this vulnerability has gripped the information security ecosystem since its disclosure on December 9, both because of its severity and its widespread impact.

“As a popular logging tool, ‘log4j’ is used in tens of thousands of software packages (known as ‘artifacts’ in the Java ecosystem) and projects across the software industry,” Google said in a blog post.

Lack of visibility into a user's direct and transitive dependencies makes patching difficult. Google also said, “It is difficult to determine the total blast radius for this vulnerability.”

As of December 16, Google found that 35,863 of the Java “artifacts” available from Maven Central depend on the affected log4j code. This means that over 8% of all Maven Central packages have at least one version affected by this vulnerability.

“As far as ecosystem impacts are concerned, 8% is tremendous. The average ecological impact of advisories affecting Maven Central is 2%, with a median of less than 0.1%,” Google said.

To date, nearly 5,000 “artifacts” have been patched, leaving over 30,000 still to be fixed. Meanwhile, Apache released Log4j version 2.17.0 as a new patch after a problem was discovered in a previous release issued last week.

On Friday, security researchers tweeted about a potential issue in 2.16.0, with some identifying “denial of service vulnerabilities.” Cybersecurity companies have found that major ransomware groups like Conti are looking for ways to exploit this vulnerability.

They warned that hackers have been making more than 100 attempts per minute to exploit a critical security vulnerability in the widely used Java logging system called “Apache log4j2”, and that millions of companies around the world are at risk of cyber theft.

Some popular services, such as Apple iCloud, Amazon, Twitter, Cloudflare, and Minecraft, are vulnerable to this “ubiquitous” zero-day exploit, which is now being called one of the most serious vulnerabilities on the Internet.

“Apache Log4j” is used in various forms of enterprise and open source software such as cloud platforms, web applications, and email services.

