Security Update for Log4j and Polkit Vulnerability
The Pica8 Security Assurance team is evaluating the Log4j Java library remote code execute (RCE) vulnerability CVE-2021-44228 known as Log4Shell.
At this time, there are no known scenarios that enable successful exploitation of the vulnerability in PicOS, AmpCon, or any other Pica8 products. None of the Pica8 products use Apache and Java libraries for system logging.
A new report of Linux Day 0 vulnerability CVW-2021-4034, known as Polkit or Pwnkit, was issued on January 26, 2022.
Polkit was a component originally released from Red Hat and included in many Desktop Red Hat Package Managers (RPMs). None of the Pica8 products include the Polkit executable code or are subject to this vulnerability.