![]() ![]() Log4j is a logging utility for Java-based software. ![]() Apart from our Android-based solutions, TechSmith does not leverage Java for software we create. Use of Log4net in TechSmith Snagit and TechSmith Camtasia Coach's Eye and - Does not currently use Log4j However, versions of Coach's Eye Android released prior to 2020 may contain Log4j.TechSmith Assets for Camtasia / Snagit - Does not use Log4j.TechSmith Camtasia - Does not use Log4j.We were not anticipating finding any use of Log4j, but we investigated our source code repositories and library manifests to verify TechSmith’s software and services do not make use of or distribute the Log4j library. ![]() TechSmith Snagit for Windows prior to version 2022.0.2 and TechSmith Camtasia for Windows prior to 2021.0.16 were distributed with a version of Log4net vulnerable to CVE-2018-1275. This is not related to the Log4j RCE vulnerabilities. This library was a dependency of older Google SDKs for Google Drive and YouTube outputs. Exploiting this vulnerability would require write access to the local file system which would allow a bad actor to engage in many other malicious actions on the target computer. There is no reason to believe this is remotely exploitable. Users who are unable to upgrade to repaired versions can mitigate their risk by disabling the Google Drive and YouTube functionality within Snagit and Camtasia. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |