log4j: Tech companies scramble to fix software vulnerability that 'threatens entire internet'

Tech companies across the world are under pressure to fix a software vulnerability that many cybersecurity experts are calling one of the worst to be discovered in recent years. The vulnerability, known as Log4shell, was identified in Apache's Log4j software library that helps developers keep track of changes in the applications they build. The software flaw was first noticed on sites catering to the popular video game Minecraft, and was officially reported to Apache on 24 November by Chen Zhaojun of Alibaba, according to Crowdstrike. But it soon became clear that the vulnerability had far-reaching implications since the software is ubiquitous, used in millions of applications across the internet, including Amazon Web Services, Apple's iCloud, and the video game distribution service Steam. Experts say the vulnerability can allow hackers to control java-based web servers and enable them to execute remote code execution (RCE) attacks, which they may use to take control of affected systems.