Four days ago, the Log4Shell Java exploit was unearthed, allowing hackers to take control of exposed web-facing servers by sending and activating a malicious string of text, affecting tech giants such as Microsoft, NVIDIA, and Intel. This exploit is located in the open-source Apache Log4j library that logs events and errors inside Java-based applications.
Log4J, or Log4Shell exploit attacks Java-based systems remotely, opening up to crucial data leaks and more
The vulnerability is, also known as Log4J, is tracked under CVE-2021-44228, given by the National Institute of Standards and Technology, or NIST. This exploit can be accessed via a mobile device, API, or a browser window.
Top tech companies, such as Intel, Microsoft, and NVIDIA have all been affected by this highly effective exploit. Intel has nine applications that utilize Java and are vulnerable to the hack. Provided is the list of Intel applications affected:
- Intel Audio Development Kit
- Intel Datacenter Manager
- oneAPI sample browser plugin for Eclipse
- Intel System Debugger
- Intel Secure Device Onboard (GitHub)
- Intel Genomics Kernel Library
- Intel System Studio
- Computer Vision Annotation Tool maintained by Intel
- Intel Sensor Solution Firmware Development Kit
Due to the nature of NVIDIA and their applications and services consistently updated with the latest versions, the exploit is much harder to trace. The company does put into consideration that server managers do not consistently offer the newest updates to their machines, so NVIDIA is listing four possible products that could have a high percentage of being affected by Log4J, especially if the drivers for the products are outdated since release:
- CUDA Toolkit Visual Profiler and Nsight Eclipse Edition
- DGX Systems
- NetQ
- vGPU Software License Server
Since NVIDIA’s DGX enterprise PCs are preloaded with Ubuntu-Linux OS and also vulnerable to the exploit, NVIDIA is communicating to users capable of manually installing Apache’s Log4J functionality block to update their systems immediately.
Microsoft’s Azure Spring Cloud and Azure DevOps application have both been patched since the vulnerability was discovered. Azure Spring Cloud utilizes specific elements of the Log4Shell that are located in the system’s boot process. Due to the nature of this exploit, if the system is not updated, they will become vulnerable.
Interestingly, AMD has remained unscathed by the Log4J exploit. After the initial investigation of their product lines, AMD announced that none of the lines have been affected, but they will continue their search due to the severity of the vulnerability.
The post AMD slips by as Log4Shell exploit affects other top tech giants, such as Intel, Microsoft, and NVIDIA by Jason R. Wilson appeared first on Wccftech.
