Over the past few days you may have heard about Log4j and a major vulnerability that allowed hackers to attack unpatched Apache servers – if not, click here to learn more. Google has posted that Google Ads and Google Marketing Platform are not using versions of Log4j affected by the CVE-2021-44228 vulnerability.
Google explained that on On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a recent vulnerability (CVE-2021-44228) in the Apache Log4j library. The Apache Log4j utility is a commonly used component for logging requests. This vulnerability could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow arbitrary code to be executed.
Google said that it is “following this vulnerability closely.” Google said its “security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers.” But specific to Google Ads, Google said the company is “not using versions of Log4j affected by the CVE-2021-44228 vulnerability.”
Google also posted on the Google Ads Developer blog “if you are using an Ads API Client Library and Apache Log4j versions 2.0 to 2.14.1, please upgrade to the patched version 2.15.0 released by Apache as indicated in the Apache Log4j Security Vulnerabilities website.“
You should also make sure the software you use and or built is not vulnerable.
Forum discussion at Twitter.