Double dutch to me Harold, who is doing what and to who and where....

Would I have that Java Library? I'll put my condom on so to be safe...:=)

More details here for those interested...

Oh this would have been a bit of a nightmare if I was still working as we used a lot of Java based services that would need patching but they made my position redundant back in February so it is someone else’s problem. If you are running any client or server applications using Java technology it would probably be using this popular Log4j library with the issue.

For a local client application on a PC or Mac, I think there is no immediate reason to worry unless it can receive any inputs remotely from the internet (which is unusual for a desktop application) but best to apply patches when possible.

As an example, possibly with some Java based photo software a hacker might be able to put some custom EXIF fields in a JPEG or RAW photo so that when processed if the application logged the EXIF data using this Java library for diagnostic purposes it could run a remote code execution attack on you to do something on your system. Basically it is not uncommon for these Java programs to log a lot of diagnostic data using this library so it is a very useful attack vector especially as the data items logged can often come from external inputs. It is a good reason not to run any of your regular desktop software on a PC or Mac as a user with full administrator privileges as an attack like this will get full access to your system. On my Mac I have a separate admin user to do software installs etc.