On December 9th, a critical RCE vulnerability known as log4j - CVE-2021-44228 was announced by the New Zealand Computer Emergency Response Team (CERT).
LogTag is currently actively monitoring this situation and is seeking advice from Microsoft regarding the effects of this vulnerability on LogTag Online and its dependent services.
Currently, Microsoft is not aware of any impact, outside of the initial disclosure involving "Minecraft: Java Edition", to the security of its enterprise services used to host and run LogTag Online and has not experienced any degradation in availability of those services as a result of this vulnerability.
The vulnerability also does not affect our mobile apps. In iOS, the underlying technology used to generate the app does not contain the vulnerable modules. In Android, the particular functionality required to exploit the vulnerability has been removed from the Android versions required to run the app.
LogTag's on-PC installations are not affected by this vulnerability, as they do not use Java or the log4j library.
We will update this article as soon as more information comes to light.
Still stuck? We're a click awaySubmit a request