NewsCovering America

Actions

EXPLAINER: The security flaw that's freaked out the internet

Cybersecurity Java Vulnerability
Posted at 9:48 PM, Dec 14, 2021
and last updated 2021-12-15 00:48:45-05

BOSTON (AP) — Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.

The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure.

The affected software is small and often undocumented. Detected in a widely used utility called Log4j, the flaw lets internet-based attackers seize control of everything from industrial control systems to consumer electronics.