Log4Shell: iCloud, Steam and other services affected by 0-day vulnerability

Log4Shell is the name of a 0-day security vulnerability that affects many services, including Apple’s iCloud, Steam, and Minecraft. When exploited, this vulnerability allows hackers to execute malicious code on vulnerable servers.

The danger of the Log4Shell security vulnerability

As the security company explains LunaSec, the Log4Shell vulnerability was first discovered in log4j, an open-source library used by many applications and websites for logging. This element is to keep a list of the activities performed in order to review them later to correct bugs or other errors.

According to security researcher Marcus Hutchins, the 0-day flaw could affect millions of applications around the world, with the log4j library being widely used by developers. To exploit the vulnerability, hackers must record a special string with specific characters in the log. It turns out that the vulnerability is easy to exploit and can be triggered in a variety of ways.

Valve, which operates Steam, responded to the flaw. The group says its engineers immediately took a look at its systems and, due to network security rules regarding untrusted code, they don’t believe Steam poses an exploitation risk. Apple, on the other hand, did not comment.