Log4J Vulnerability Update

A recent development has hit the Internet news circuit about a troublesome vulnerability in a popular open-source program called Apache Log4j. Given the widespread impact of this software defect, we are posting this statement to our customers inform you that your data is safe and the Camino platform is unaffected. The remainder of this post is information about what is causing a major buzz in software security today.

What happened?

Public disclosure of vulnerabilities in software programs is a common practice; a software researcher will find a loophole in the software and will publicly disclose how to exploit the loophole for malicious intent. They do this because they often receive compensation for disclosures (there is good money in ethical hacking). Remediation then takes place and the software maker will work to remove the loopholes. Sometimes the vulnerability is so great that hackers take advantage and move swiftly to exploit systems.

On December 9th, a widely used software program, Apache log4j, had a vulnerability publicly disclosed that allowed attackers to run malicious code. This vulnerability was considered massive as log4j is used very widely. While the Apache foundation is working to remedy their situation, the attackers have moved quickly to exploit. Any software service or system using log4j is exposed. As of writing this, there has not been a fix for the loophole.

Is Camino Impacted? No.

We have verified that Camino applications and services are not using Apache’s log4J. We have also taken necessary measures to ensure that downstream services we’re using, such as various AWS and Cloudflare products, are updated and patched to avoid any impacts on security and data integrity. As of writing this, we have not witnessed any unusual activity and will continue to monitor both our environments and the public discourse to ensure we remain safe.

Still have questions?

For those technically minded, you can read more about the exploitation here: CVE-2021-44228

If you have any questions about how Camino handles these events or want to get in touch with us, please contact support@camino.ai.