According to a report on Friday, major apps and services such as iCloud, Cloudflare, Steam, Twitter, and others are vulnerable to a bug.
On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.
If the NSA is publicly worried, you know it’s bad. Update: Cloudflare says they are not vulnerable, “We responded quickly to evaluate all potential areas of risk and updated our software to prevent attacks, and have not been able to replicate any external claims that we might be at risk.” The company published a blog post on the matter.