https://techcrunch.com/2021/12/10/apple-icloud-twitter-and-minecraft-vulnerable-to-ubiquitous-zero-day-exploit/

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library.

The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in a huge number of apps, websites and services. Log4Shell was first discovered in Microsoft-owned Minecraft, though LunaSec warns that “many, many services” are vulnerable to this exploit due to Log4j’s “ubiquitous” presence in almost all major Java-based enterprise apps and servers. In a blog post, the cybersecurity company warned that anybody using Apache Struts is “likely vulnerable.”