Log4j Vulnerability

We have probably all heard of the critical Log4j library security issue by now. Log4j is an Apache library that saves logs. That is why software developers use it instead of writing their own logging system. Unfortunately, The problem found allows the attacker to execute his code remotely.

As the library is popular, all the software uses it. Even companies like VMWare, Adobe and etc. are struggling with this issue.

Some companies are struggling with the vulnerability

VMware

VMware has this vulnerability and is working on a patch to solve the problem quickly.

Adobe

Adobe has asked to disable LDAP for now to avoid security issues in adobe connect software.

Cloudflare

Cloudflare is trying to protect his services from this issue with all his power as well.

Other companies

Other Huge companies, such as DELL and HP, are reviewing their products. They are putting a page on their site to share the review progress with their customers.

Basic Solutions

Apache has provided a solution to prevent this vulnerability. The solution is upgrade to version 2.16 or 2.12.2 for Java 7. This change can not be done by us, So that we should wait for release an update or patch for software we using.

What can we do for protect our softwares?

During this period, the best thing to do is to limit the access as much as possible and not allow unauthorized people to access any of our software remotely, online, and under the network.

If you also have software that uses this library, contact the programming team or the software provider site immediately and follow their solution to avoid this security hole.

We hope this issue does not affect anyone’s software and your software company will provide its update or patch as soon as possible to avoid the issue.

Some software solutions:

CVE Links:

If you are interested to read more about this vulnerability, see more info here: