[masraum]

Quote:

Originally Posted by Scott R

Exploits are OS independent.

Not strictly true. Some exploits are OS independent, others are very dependent. It depends upon the exploit.

For instance, the "log4j" exploit that sent the world into a tizzy just before Christmas last year was OS independent. There are plenty of items that are OS dependent or even application dependent. It just depends upon the exploit.
https://www.pcmag.com/how-to/what-is-the-log4j-exploit-and-what-can-you-do-to-stay-safe

Quote:

When there’s a security hole in an operating system or a popular browser, it typically affects just the users of that operating system or that browser. The publisher works up a new version that patches the hole, pushes out an update, and all’s well.

Log4j is different. It’s not an operating system, or a browser, or even a program. Rather, it’s what coders call a library, or a package, or a code module. It serves one purpose—keeping a log of what happens on a server.

People writing code want to focus on what makes their program unique. They don’t want to re-invent the wheel. So, they rely on endless libraries of existing code, such as Log4j. The Log4j module comes from Apache, which is the most widely used web server software. And that’s why it’s found on millions of servers.