Apache Log4J vulnerability https://www.csoonline.com/article/3644472/apache-log4j-vulnerability-actively-exploited-impacting-millions-of-java-based-apps.html is impacting a number of cloud services.
I am using log4j in my Android application. How does it impact it or is there no impact at all? I am assuming since the malicious actor could only run local scripts, it should not be an issue but I wanted to confirm.
CodePudding user response:
Seems like Android apps are safe since JNDI isn't available on Android. I believe the following tweet was the first online mention of the vulnerability, and on the bottom of the second screenshot it says "Java's JNDI is not available on Android". https://twitter.com/P0rZ9/status/1468949890571337731/photo/2