Bigstep Blog What is the Log4j vulnerability and which are the latest updates?

Log4j is developed by the Apache Foundation and it is a popular Java library used in a variety of consumer and enterprise services, websites, applications, and operational technology products. People are generally unaware of Log4j, since the software is used to record activities that go on under the hood in a wide range of computer systems. In December, news arose that attackers started exploiting this obscure vulnerability, which created a wide global uproar due to its gravity, with CISA, FBI, NSA, and country-level cybersecurity authorities releasing a joint Cybersecurity Advisory. The Log4j vulnerability affects everything from the cloud to developer tools and security devices. Below is a short history and description of why the vulnerability is so dangerous, as well as a timeline of news and different patches released since its discovery.