Skip to content
Business
Cybersecurity

Inside the Race to Fix a Potentially Disastrous Software Flaw

An employee on Alibaba’s cloud-security team alerted Apache’s developers of the flaw and urged them to ‘please hurry up’

Updated on

At 2:51 p.m. on Nov. 24, members of an open-source software project received an alarming email. The contents threatened to undermine years of programming by a small group of volunteers and unleash massive cyberattacks across the globe.

“I want to report a security bug,” wrote Chen Zhaojun, an employee on Alibaba Group Holding Ltd.’s cloud-security team, adding “the vulnerability has a major impact.”

The message went on to describe how a hacker could take advantage of Log4j, a widely used software tool, to achieve what’s known as remote code execution, a hackers’ dream because they can remotely take over a computer.