Log4Shell malware vulnerability vaccine is now out for free, which seeks to help lessen the risk of getting hacked by cyber attackers using the massively widespread zero-day exploit.
BERLIN, GERMANY - DECEMBER 27: A participant looks at lines of code on a laptop on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants.
Log4Shell Vulnerability Vaccine
As per the report by ZDNet, a cybersecurity firm, Cybereason, rolled out what it touts to be the fix for the Apache Log4Shell vulnerability, serving as a "vaccine" against the malware spreading exploit.
The Boston-based cybersecurity company previously urged users to immediately patch their systems with the latest update from Apache to fix the critical vulnerability.
However, Cybereason also recently acknowledged that some users would have to deal with a problem that prevents them from updating their systems as soon as possible.
That said, the cybersecurity firm went on to introduce a vaccine that could help prevent the risk of being cyber attacked in lieu of the security patch.
Log4Shell Vaccine: How it Works
The "vaccine" for the Apache vulnerability goes by the name "Logout4shell." It is to note that it is available to anyone for free on GitHub.
Not to mention that Cybereason further assured that the "fix" for the zero-day exploit "is a relatively simple fix that requires only basic Java skills to implement."
The Chief Technology Officer of Cybereason, Yonatan Striem-Amit, told ZDNet that the "vaccine" for Log4Shell will also use "the vulnerability itself to set the flag that turns it off."
The Cybereason CTO went on to explain that the "fix" will further change the configuration of the server leading it "to not load things anymore."
Log4Shell Vulnerability Vaccine and Cybersecurity Experts
However, despite the claims of the cybersecurity firm, which gives hope to those exposed to the Log4Shell vulnerability, some experts are sharing their two cents about the "vaccine."
According to the news story by VentureBeat, the founder and chief technology officer at the bug bounty firm, Bugcrowd, Casey Ellis, told the news outlet that the said Log4Shell vaccine is effective in fixing the problem.
What's more, Ellis further said that could also potentially extend a helping hand to the security teams of the affected firms.
However, the security expert warned that the "fix" has some limitations on hand.
Ellis precisely pointed out that the "vaccine" does not work on the Log4j version 2.10, leaving its users with no choice but to install the patch as soon as possible.
In addition to that, the security experts also added that the Cybereason fix for the vulnerability is more of a "supplementary tool." Thus, it has yet to become a cure-all solution to the Log4Shell mess, but there are potentials for it to be one.
Related Article: Finland Cautions Android Users Over Flubot Malware Spread Through Messages | What to Do if Your Device Gets Infected?
This article is owned by Tech Times
Written by Teejay Boris
