I work in IT. Has anyone heard of any Log4J issues with a standard MacBook operating system? I know installed apps might have vulnerabilities; I was just checking on the Mac OS to start.
big_D
December 21, 2021, 4:18pm
2
Log4j is a Java library. As far as I know, Apple doesn’t use any Java in its operating system.
If you aren’t running an Apache web server with Struts on your MacBook, you should be okay.
It is mainly server side services that use it. If you are using your Mac as a server, you need to check that the services are up to date, this is a general rule anyway, and that any that use Java have been updated to use at least version 2.16 of Log4j (this is not a 100% fix, we are waiting for yet another patch, 2.15 and 2.16 both have other issues, even though they close the first discovered hole).
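One way to carry out the check described in the reply above, as an added example that is not part of the thread: it walks a directory, looks inside `.jar`/`.war`/`.ear` archives (including nested ones) for log4j-core's Maven metadata and `JndiLookup` class, and flags anything older than a minimum version. The 2.16 threshold is taken from the post and is an assumption you should adjust to the current fixed release; the function names are illustrative.

```python
import io, os, re, sys, zipfile

# Entry names as found inside a real log4j-core jar.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")
MIN_VERSION = (2, 16)          # assumption: the "at least 2.16" from the post
MAX_NESTED = 64 * 1024 * 1024  # skip oversized nested entries (zip-bomb guard)

def classify(version, minimum=MIN_VERSION):
    if version is None:
        return "unknown-version"
    return "ok" if version >= minimum else "outdated"

def inspect(fileobj, label, findings, minimum=MIN_VERSION):
    """Record log4j-core evidence in one archive, then recurse into nested ones."""
    try:
        with zipfile.ZipFile(fileobj) as z:
            infos = {i.filename: i for i in z.infolist()}
            version = None
            if POM in infos:
                m = re.search(rb"^version=(\d+)\.(\d+)", z.read(POM), re.M)
                version = (int(m.group(1)), int(m.group(2))) if m else None
            if POM in infos or JNDI in infos:
                findings.append((label, version, JNDI in infos, classify(version, minimum)))
            for name, info in infos.items():
                if name.lower().endswith(ARCHIVES) and info.file_size <= MAX_NESTED:
                    inspect(io.BytesIO(z.read(name)), f"{label}!/{name}", findings, minimum)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # unreadable, corrupt or encrypted archive: nothing to report

def scan(root, minimum=MIN_VERSION):
    """Walk root and return sorted (path, version, has_jndi_lookup, status) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        inspect(fh, path, findings, minimum)
                except OSError:
                    pass  # permission denied or vanished file
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for path, version, has_jndi, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:16} {version} jndi_lookup={has_jndi} {path}")
```

Pass the directory to scan as the first argument. A copy of Log4j whose classes were repackaged without the Maven metadata shows up as `unknown-version` and needs a manual look.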
PHolder
December 21, 2021, 5:14pm
3
You may find this useful:
and in particular the “software” link:
> **Important: GitHub only shows the first 512kb of this file in the preview. If you don't see the entire software list, please click [here](README.md) to load the entire list.**
# Log4j overview related software
This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL and partners will maintain a list of all known vulnerable and not vulnerable software. Furthermore, references to software will contain specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.
#### NCSC Advisories
NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.
#### Daily CSV/JSON releases
Daily releases of this software list are listed, including CSV and JSON files, in the [releases](https://github.com/NCSC-NL/log4shell/releases) overview. Please check the [software list parser](https://github.com/NCSC-NL/log4shell/tree/main/tools/log4shell_softwarelist) tool to generate a CSV or JSON on your own.
> **Disclaimer:** _We aim to provide the information as accurately as possible with the resources available to us. However, we do not have the capacity to monitor all software for updates/fixes. You are advised to review the links provided for available updates. If you find updates or mistakes, please contribute by creating a Pull Request. [Learn how](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository)._
## Software overview
NCSC-NL will use the following status labels:
| Status CVE-2021-xxx | Description |
|:--------------------|:-----------------------------------------------------------------|
| Vulnerable | Software is vulnerable to CVE-2021-xxx. |
big_D
December 21, 2021, 5:18pm
4
Interesting, Apple isn’t even listed, yet it is known that their iCloud service was vulnerable.
Like with Windows, remove Java.