Fractal Softworks Forum

Other => Discussions => Topic started by: xenoargh on December 12, 2021, 10:35:01 AM

Title: Log4J attack!
Post by: xenoargh on December 12, 2021, 10:35:01 AM

This is probably Old News for most of the IT pros here, but be aware that Log4J (which is used by Starsector, Minecraft, a wide variety of Linux distros, etc., etc.) has been successfully attacked and allows for a very broad assault on end-users' machines. This security flaw has been patched by the Log4J team in the current version.

Title: Re: Log4J attack!
Post by: Alex on December 12, 2021, 12:39:56 PM

The fact that Starsector is a single-player game entirely aside (and so isn't subject to the Minecraft "chat message" attack vector type of thing), the version of log4j it's using also fortunately doesn't have this vulnerability, by virtue of being too old.

Title: Re: Log4J attack!
Post by: xenoargh on December 14, 2021, 12:28:11 PM

Well, sometimes using an old codebase has its advantages, lol.

I mainly wanted to make sure people were informed and did the basics (https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/#determine-if-you-are-impacted-by-log4shell) to check their projects out, as this is a pretty nasty Zero Day exploit.