A story in three parts 馃樁 #log4j
60
1,199
238
4,266
Welcome to dup gang :')
1
4
Replying to @Jester0x01
Haha I'm not in it for bounties in this case, was primarily curious to see how deep this issue goes and what funky ways we can use to trigger it. I'm sure Apple is already painfully aware of their exposure, hopefully they can fix it soon!

Dec 10, 2021 路 4:35 PM UTC 路 Twitter Web App

2
15
Replying to @chvancooten
Yeah, someone posted another apple poc yesterday but it is still not fixed.
Getting a dns query out of Apple doesn鈥檛 mean the exploit actually worked or that it was even log4j that inisiated the query. The only reliable test would be to put a real ldap server in your string. I鈥檓 sure you know all this, just putting it out for others who are reading.
4