Wow! The Log4Shell Security Flaw Can Be Used to Attack iPhone and Tesla

 


A few days ago, a security flaw called Log4Shell was discovered, giving security teams at large companies a headache. It has now been found that the vulnerability can also be used to exploit iPhones.

The latest findings show that the Log4Shell vulnerability can be used to attack iPhones and Teslas: renaming an iPhone to a certain string of characters triggers pings from Apple and Tesla servers, indicating that both companies' servers are also affected by Log4Shell.


To prove this, a number of security researchers changed the device name on an iPhone to a specific string of characters, which then caused a specific URL to be sent to the server.



After the name was changed, the researchers saw incoming traffic in the form of URL requests from IP addresses belonging to Apple and to China Unicom, which is Tesla's partner in the Chinese market. This means the security researchers succeeded in tricking Apple and Tesla servers into visiting URLs they specified.


This demonstration was carried out by a security researcher from the Netherlands, and other security researchers uploaded these findings to GitHub anonymously, as quoted from The Verge, Wednesday (15/12/2021).


If this security researcher's claim is true, then the Log4Shell issue is truly widespread, although it is not yet known whether this particular weakness will be useful to cybercriminals.


In theory, cybercriminals could exploit this vulnerability to redirect servers to URLs containing malware. But a well-maintained network should be able to overcome this problem at the network level.


However, Cado, a digital forensics platform, stated in a report that it has detected the use of this method to install the Mirai botnet code.


This vulnerability was first discovered on Minecraft servers, where attackers can trigger it using in-game messages. Systems that send and receive messages in other formats, such as SMS, can also become victims.
