A story in three parts 😶 #log4j

Dec 10, 2021 · 4:19 PM UTC

Disclaimer: I'm fairly sure I'm not the first one to have tried this but I flagged it with Apple's product security team either way. I'm sure they are busy enough patching their systems 😅
Disclaimer²: Normally I wouldn't share such vulns before the vendor has had a chance to mitigate. However, I chose differently in this case because 1) The issue is already very widespread 2) I likely wasn't the first one to tell Apple 3) It's a prime example of how deep this goes
Replying to @chvancooten
Welcome to dup gang :')
Haha I'm not in it for bounties in this case, was primarily curious to see how deep this issue goes and what funky ways we can use to trigger it. I'm sure Apple is already painfully aware of their exposure, hopefully they can fix it soon!
Replying to @chvancooten
If Apple is affected by that, imagine what the Android team must be going through right now... :-O
What makes you think Android would be worse affected? In fact, it isn’t affected at all. Android has been far more secure than iOS for a long while now.
Replying to @chvancooten
@olafhartong pls test tesla :p
I saw a screenshot somewhere that the exact same happens when changing the name of your tesla 😳
Replying to @chvancooten
I wonder if they consider these machines compromised (as they should) and are rebuilding them from scratch...
Replying to @chvancooten
Another interesting question: what kind of logfile is this?