SECURITY BULLETIN

Apache Log4j 2 Vulnerability (CVE-2021-44228)

Security and trust are top priorities at Digital Turbine. We take the protection of consumer privacy and protected data seriously and want to ensure our customers and partners that we are on top of vulnerabilities and threats as they are discovered.

STATUS UPDATE

We have successfully investigated and mitigated the recently disclosed Apache Log4j 2 vulnerability (CVE-2021-44228) where detected within our products and services. All our products and services have been protected against the zero-day exploit in the Log4j 2 library by updating to version 2.16.0. Analysis of our logs did not show any indications of exploitation. We will notify the affected party if we identify any customer impact.

If you have any questions or need any further details, please contact us.

We appreciate your time and attention to this important advisory.

Updated December 13, 2021