On Friday 10 December 2021, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an alert on a vulnerability in the Apache Log4j software library that exposed systems to potential cyberattack.
The ASD’s ACSC has now confirmed active exploitation of this vulnerability within Australia.
Australian organisations who utilise Apache Log4j2 versions should review their patch level and update to the latest available version, the ASD’s ACSC National Hotline 1300 CYBER1 is able to provide assistance as required.
Vendors are encouraged to identify their use of the Log4j logging library in their products, and develop the required patches to assist their customers to remediate the vulnerability on their systems.
As of 15 December 2021, the ASD’s ACSC has published an advisory regarding mitigation and detection recommendations.
Read the full Assistant Minister for Defence media release.