Interactive Brokers implements Log4j vulnerability patch in TWS platform
Electronic trading major Interactive Brokers has updated its TWS platform, adding a patch for the recently detected “Log4j” software vulnerability.
Interactive Brokers says:
“Due to a global vulnerability in popular infrastructure software known as ‘Log4j,’ we recently updated libraries for all versions of our TWS software. If you use the standalone ‘Offline’ version of TWS, you must manually upload the most recent version to get the patch. If you used the Login menu to install an updating version of TWS to your desktop, you will receive the patched version when you log in.”
In December 2021, the United States Financial Industry Regulatory Authority (FINRA) issued a notice regarding the Log4j vulnerability.
The Authority says it has taken immediate steps to neutralize the risk. The mitigation tactics deployed by FINRA include defining alerts for exploit attempts, implementing web application firewall (WAF) rules designed to prevent exploitation of the vulnerability, conducting scans to confirm WAF rules are working as expected, and beginning to update Log4j libraries used in its self-developed applications.
FINRA says it is tracking this vulnerability and that it will apply software updates as they become available and monitor attacker exploit attempts.
Last month, FINRA issued an alert to member firms about a recently identified vulnerability in Apache Log4j software, which is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. The “Log4Shell” vulnerability presents a risk for member firms because they may be using this software in internal applications, or the software may be embedded in third-party software packages.