Logo

MacStadium Blog

MacStadium Response to Apache Log4j Vulnerability

MacStadium does not use Apache Log4j in any of its development code bases, and at this time there have been no detected exploitations of the vulnerability and no externally exploitable systems have been identified within our network.

The MacStadium team continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on December 9th, 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we are pleased to share the following information regarding our internal investigations.

MacStadium does not use Apache Log4j in any of its development code bases.

Our internal and external vulnerability detection platforms have been updated in accordance with vendor recommendations for this CVE and at this time:

  1. There have been no detected exploitations of the vulnerability
  2. No externally exploitable systems have been identified within our network

All known currently available system patches and mitigation strategies have been applied according to published vendor recommendations.

We are actively working with all of our third-party vendors to identify any additional systems with potential unconfirmed vulnerabilities and remediate them appropriately as soon as patches or other mitigation strategies are published. In the meantime, we continue to closely monitor network traffic and log events in order to detect any malicious activity.

As MacStadium continues its investigation, we will notify customer primary points of contact immediately in the event that we detect exploitation of the vulnerability, confirm there is a known exposure of vulnerable environments that have or could have left customer systems or data exposed or if a third party/subcontractor within our supply chain that supports our customers is unable to conduct immediate remediation or has been exploited.

For additional details about this vulnerability, affected versions, and solutions, please reference the Apache Logging Services alert.

Posted

December 14, 2021

Written by

Kevin Beebe

Categories

MacStadium News

Share this article

Logo

Orka, Orka Workspace and Orka Pulse are trademarks of MacStadium, Inc. Apple, Mac, Mac mini, Mac Pro, Mac Studio, and macOS are trademarks of Apple Inc. The names and logos of third-party products and companies shown on the website are the property of their respective owners and may also be trademarked.

©2023 MacStadium, Inc. is a U.S. corporation headquartered at 3525 Piedmont Road, NE, Building 7, Suite 700, Atlanta, GA 30305. MacStadium, Ltd. is registered in Ireland, company no. 562354.