Late last week, IT departments around the world were paralysed following the discovery of what may be the most critical security flaw in any single software component in the 21st century: Log4Shell, a bug in the logging library Log4j developed by Apache.
Among the many companies that have been working frantically in recent days to update all their vulnerable systems is Apple, which appears to be using Log4j in its iCloud servers.
Eclectic Light Company reports that security researchers who tested against iCloud on Thursday and Friday were caught out, but when they tested on Saturday the bug was fixed.
“As you’d both hope and expect,” the site reports, “iCloud was fixed quickly. Although researchers were able to demonstrate the vulnerability when connecting to iCloud through the web on 9 and 10 December, by 11th that no longer worked. It also doesn’t appear to have affected macOS or other direct connections.”
Log4Shell was discovered by a security researcher at Alibaba and began being used among Minecraft players to hack open servers. Microsoft was also quick to come out with fixes for Minecraft.
This article originally appeared on
Macworld Sweden. Translation (using
DeepL) by David Price.