Everywhere you look these days, you hear about a very nasty zero-day vulnerability affecting a lot of companies and services. And not without reason, as the exploitation of the flaw is very simple, and it provides instant remote access to the server or the computer running the program. But what about Android?
Android is known to have Java as one of its primary programming languages, and log4j is a logging library used in a Java environment.
For this reason, it is likely that all Android devices are affected by this serious vulnerability. Fortunately, this is not true - or only partially true.
According to Android is built with its own error logging solution, it does not use log4j by default. Android applications can use it, but it would take a lot of work for the developer to get it to actually work well, as it is not a widespread solution. Also, Android applications run in isolation, in a sandbox, which means more security.
Indirectly, all Android devices could be affected, because of the servers. Because, in many web applications you can find the log4j.
One of the most common is the Minecraft game servers, where this vulnerability has been actively exploited to take control of the servers. In this case, because they have access to the server content and can also execute viral links, redirects to phishing sites - we can be affected on the client side.
Fortunately, the vulnerability itself does not directly affect Android.
Desktops, laptops and servers are more affected, so it is important to update everything as quickly as possible, as many people are currently trying to exploit this vulnerability because of its simplicity and effectiveness.
