The Australian Cyber Security Centre (ACSC) has issued an alert on its website about a vulnerability existing in certain versions of Log4j software library – one of the most widely used java-based logging utilities globally. Due its widespread use in popular software platforms, a large number of third-party apps may also be vulnerable, which can affect individuals, businesses and business supply chains.
Log4j is a software library that logs data. Log4j software may form a part of the suite of products your business purchased or built to manage your data – or the apps you use on your phone or tablet.
The issue with Log4j is that a vulnerability has been discovered – a hole in their defences could allow malicious actors to create malicious ‘logs’ which could take control of computer systems and data.
Australian organisations are being recommended by the ACSC to check whether products they use are affected by the Log4j2 vulnerability, and take the appropriate actions.
For further information, see the following ACSC advisory and alert:
Individuals and business that may have been affected should contact the ACSC via 1300 CYBER1.