On December 9th, 2021, Foxit eSign was notified of the Log4j 2 vulnerability, also referred to as LogJam or Log4Shell. Our team took swift and immediate action to mitigate any risk for our users, including application of the patch to resolve the situation as soon as it became available – patch Log4j 2.16. We have determined that no compromises were or are currently present within our software or for any of our users as a result of this activity.
We are committed to the security of our product, the privacy of our user’s data, and the transparency of our communication. For these reasons, we have strict measures in place to monitor and prevent any security breaches, as well as to implement immediate preventative and mitigative action when needed.
Our team of security experts will continue to monitor the Log4j 2 vulnerability as it develops, including implementation of heightened surveillance of any and all suspicious activity, and take any necessary actions promptly as deemed necessary and as recommended by the Cybersecurity & Infrastructure Security Agency (CISA).
Developed by the Apache Software Foundation, Log4j is a Java-based logging software that records events, software runs, and communications between a particular system and its users. Log4j 2 is the most recently updated version of the Apache logging software.
The security vulnerability identified with the latest Log4j 2 update could potentially allow hackers the ability to institute control over log messages and parameters, which could lead to malicious behavior and the execution of arbitrary code.
Our security team’s efforts regarding the Log4j 2 vulnerability are ongoing. So far, we have performed the following actions as determined necessary by our team and by recommendation of CISA:
Ongoing concentrated efforts are required at this time in response to the Log4j 2 vulnerability. We will continue to monitor the situation as it progresses and take the following actions as needed:
Since learning of the vulnerability, Foxit eSign has implemented strict monitoring of the situation and all potential risk factors. We have determined that there are currently no compromises to our software or to any of our user’s data or usage of our application.
We encourage our customers and vendors to assess individual endpoint implementations for the use of the Log4j software; this includes any third-party software.
19925 Stevens Creek Blvd, Suite 100
Cupertino, CA 95014