Techs fight to fix software bugs that were exploited in the game “Minecraft”


BOSTON (AP) – A software vulnerability exploited in the online game Minecraft is quickly becoming a major threat to internet-connected devices around the world.

“The internet is on fire right now,” said Adam Meyers, senior vice president of intelligence at cybersecurity firm Crowdstrike. “People are trying to apply patches, and there are script kiddies and all kinds of people trying to take advantage of it.” He said Friday morning that in the 12 hours since the bug was announced, it had become “fully weaponized,” which means that malefactors had developed and distributed tools to take advantage of it.

The bug could be the worst computer vulnerability discovered in years. It opens a loophole in software code that is ubiquitous in cloud servers and enterprise software used in industry and government. It could allow criminals or spies to loot valuable data, install malware or delete important information, and much more.

“I have a hard time imagining a company that isn’t at risk,” said Joe Sullivan, chief security officer of Cloudflare, whose online infrastructure protects websites from malicious actors. Countless millions of servers have it installed, and experts said the fallout wouldn’t be known for several days.

Amit Yoran, CEO of cybersecurity company Tenable, called it “the biggest and most critical vulnerability of the last decade” – and possibly the biggest in the history of modern computers.

The vulnerability, called ‘Log4Shell’, was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees the development of the software. Anyone with the exploit can get full access to an unpatched computer that uses the software.

The New Zealand computer emergency team was one of the first to report that the bug was being “actively exploited in the wild” just hours after it was publicly reported and a patch released on Thursday.

The vulnerability, which resides in the open source Apache software used to run websites and other web services, was discovered by Chinese technology giant Alibaba on November 24th, the foundation said.

Finding and patching the software can be a complicated task. While most organizations and cloud providers should be able to easily update their web servers, the same Apache software is also frequently embedded in third-party programs that often can only be updated by their owners.

Tenable’s Yoran said businesses need to assume they’ve been compromised and act quickly.

Exploitation of the bug was apparently first discovered in Minecraft, an online game very popular with children and owned by Microsoft.

Meyers and security expert Marcus Hutchins said Minecraft users have already used it to run programs on other users’ computers by pasting a short message in a chat box.

Microsoft said it has released a software update for Minecraft users. “Customers who apply the fix are protected,” it said.

The researchers reported that they found evidence that the vulnerability could be exploited in servers owned by companies such as Apple, Amazon, Twitter, and Cloudflare.

Cloudflare’s Sullivan said there was no evidence of his company’s servers being compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.


