Google Ads not affected by the Log4j 2 vulnerability

In the past few days you may have heard of Log4j and a major vulnerability that allowed hackers to attack unpatched Apache servers – if not, Click here to learn more. Google announced that Google Ads and Google Marketing Platform are not using any version of Log4j that is exposed to the CVE-2021-44228 vulnerability.

Google explained On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a current vulnerability (CVE-2021-44228) in the Apache Log4j library. The Apache Log4j utility is a commonly used component for logging requests. This vulnerability could allow a system running Apache Log4j version 2.14.1 or lower to be compromised and arbitrary code to be executed.

Google said it is “closely following” this vulnerability. Google said its “security teams are investigating all possible impacts on Google products and services and focusing on protecting our users and customers.” But specifically for Google Ads, Google said the company “does not use any versions of Log4j that are affected by the CVE-2021-44228 vulnerability”.

Google too Published on in the Google Ads developer blog “If you are using an Ads API client library and Apache Log4j versions 2.0 to 2.14.1, please update to the patched version 2.15.0 released by Apache as described in the Apache Log4j vulnerability website.“

You should also ensure that the software you use and / or create is not vulnerable to attack.

Forum discussion at Twitter.