In the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it. Science Photo Library
In the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it. Science Photo Library
In the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it. Science Photo Library
In the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it. Science Photo Library

Apple, Amazon, Twitter, Minecraft vulnerable as techs race to fix software flaw


  • English
  • Arabic

A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.

“The Internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.

“People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said on Friday that in the 12 hours since the bug’s existence was disclosed that it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.

The flaw may be the worst computer vulnerability discovered in years.

It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.

“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.

The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software,

Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.

New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.

The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.

But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.

Mr Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.

The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Mr Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.

Microsoft said it had issued a software update for Minecraft users.

“Customers who apply the fix are protected,” it said.

Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.

Mr Sullivan of Cloudflare said there we no indication his company’s servers had been compromised.

The specs

Engine: 2.0-litre 4cyl turbo

Power: 261hp at 5,500rpm

Torque: 405Nm at 1,750-3,500rpm

Transmission: 9-speed auto

Fuel consumption: 6.9L/100km

On sale: Now

Price: From Dh117,059

COMPANY%20PROFILE
%3Cp%3E%3Cstrong%3EName%3A%3C%2Fstrong%3E%20Floward%0D%3Cbr%3E%3Cstrong%3EBased%3A%20%3C%2Fstrong%3ERiyadh%2C%20Saudi%20Arabia%0D%3Cbr%3E%3Cstrong%3EFounders%3A%20%3C%2Fstrong%3EAbdulaziz%20Al%20Loughani%20and%20Mohamed%20Al%20Arifi%0D%3Cbr%3E%3Cstrong%3ESector%3A%20%3C%2Fstrong%3EE-commerce%0D%3Cbr%3E%3Cstrong%3ETotal%20funding%3A%20%3C%2Fstrong%3EAbout%20%24200%20million%0D%3Cbr%3E%3Cstrong%3EInvestors%3A%20%3C%2Fstrong%3EAljazira%20Capital%2C%20Rainwater%20Partners%2C%20STV%20and%20Impact46%0D%3Cbr%3E%3Cstrong%3ENumber%20of%20employees%3A%20%3C%2Fstrong%3E1%2C200%3C%2Fp%3E%0A
23-man shortlist for next six Hall of Fame inductees

Tony Adams, David Beckham, Dennis Bergkamp, Sol Campbell, Eric Cantona, Andrew Cole, Ashley Cole, Didier Drogba, Les Ferdinand, Rio Ferdinand, Robbie Fowler, Steven Gerrard, Roy Keane, Frank Lampard, Matt Le Tissier, Michael Owen, Peter Schmeichel, Paul Scholes, John Terry, Robin van Persie, Nemanja Vidic, Patrick Viera, Ian Wright.

Pros%20and%20cons%20of%20BNPL
%3Cp%3E%3Cstrong%3EPros%3C%2Fstrong%3E%0D%3C%2Fp%3E%0A%3Cul%3E%0A%3Cli%3EEasy%20to%20use%20and%20require%20less%20rigorous%20credit%20checks%20than%20traditional%20credit%20options%0D%3C%2Fli%3E%0A%3Cli%3EOffers%20the%20ability%20to%20spread%20the%20cost%20of%20purchases%20over%20time%2C%20often%20interest-free%0D%3C%2Fli%3E%0A%3Cli%3EConvenient%20and%20can%20be%20integrated%20directly%20into%20the%20checkout%20process%2C%20useful%20for%20online%20shopping%0D%3C%2Fli%3E%0A%3Cli%3EHelps%20facilitate%20cash%20flow%20planning%20when%20used%20wisely%0D%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Cp%3E%3Cstrong%3ECons%3C%2Fstrong%3E%3C%2Fp%3E%0A%3Cul%3E%0A%3Cli%3EThe%20ease%20of%20making%20purchases%20can%20lead%20to%20overspending%20and%20accumulation%20of%20debt%0D%3C%2Fli%3E%0A%3Cli%3EMissing%20payments%20can%20result%20in%20hefty%20fees%20and%2C%20in%20some%20cases%2C%20high%20interest%20rates%20after%20an%20initial%20interest-free%20period%0D%3C%2Fli%3E%0A%3Cli%3EFailure%20to%20make%20payments%20can%20impact%20credit%20score%20negatively%0D%3C%2Fli%3E%0A%3Cli%3ERefunds%20can%20be%20complicated%20and%20delayed%0D%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Cp%3E%3Cem%3ECourtesy%3A%20Carol%20Glynn%3C%2Fem%3E%3C%2Fp%3E%0A
Dr Afridi's warning signs of digital addiction

Spending an excessive amount of time on the phone.

Neglecting personal, social, or academic responsibilities.

Losing interest in other activities or hobbies that were once enjoyed.

Having withdrawal symptoms like feeling anxious, restless, or upset when the technology is not available.

Experiencing sleep disturbances or changes in sleep patterns.

What are the guidelines?

Under 18 months: Avoid screen time altogether, except for video chatting with family.

Aged 18-24 months: If screens are introduced, it should be high-quality content watched with a caregiver to help the child understand what they are seeing.

Aged 2-5 years: Limit to one-hour per day of high-quality programming, with co-viewing whenever possible.

Aged 6-12 years: Set consistent limits on screen time to ensure it does not interfere with sleep, physical activity, or social interactions.

Teenagers: Encourage a balanced approach – screens should not replace sleep, exercise, or face-to-face socialisation.

Source: American Paediatric Association
Brief scores:

Toss: Rajputs, elected to field first

Sindhis 94-6 (10 ov)

Watson 42; Munaf 3-20

Rajputs 96-0 (4 ov)

Shahzad 74 not out

Maestro
%3Cp%3E%3Cstrong%3EDirector%3A%20%3C%2Fstrong%3EBradley%20Cooper%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%20%3C%2Fstrong%3EBradley%20Cooper%2C%20Carey%20Mulligan%2C%20Maya%20Hawke%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%203%2F5%3C%2Fp%3E%0A
UAE currency: the story behind the money in your pockets
UAE currency: the story behind the money in your pockets
COMPANY PROFILE
Name: Akeed

Based: Muscat

Launch year: 2018

Number of employees: 40

Sector: Online food delivery

Funding: Raised $3.2m since inception 

The Voice of Hind Rajab

Starring: Saja Kilani, Clara Khoury, Motaz Malhees

Director: Kaouther Ben Hania

Rating: 4/5

War 2

Director: Ayan Mukerji

Stars: Hrithik Roshan, NTR, Kiara Advani, Ashutosh Rana

Rating: 2/5

Updated: December 11, 2021, 1:45 AM