Asian Tech Press (Dec 17) -- China's technology industry regulator warned Friday that a serious security vulnerability exists in the Java-based logging library Apache Log4j 2, and alerted users to the release of a patch for it.
The Ministry of Industry and Information Technology (MIIT) revealed that Alibaba Cloud, also known as Aliyun, Alibaba's cloud computing unit, recently discovered a remote code execution (RCE) vulnerability in the Apache Log4j 2, and informed the Apache Software Foundation (ASF) about it.
It could lead to remote control of the device, which in turn could cause serious harm such as theft of sensitive information and interruption of device services, and is a high-risk vulnerability.
To reduce cybersecurity risks, MIIT reminds to pay close attention to the patch release for this vulnerability, check the use of Apache Log4j 2 in their own related information systems, and upgrade its version in a timely manner.