By Elise Murphy - Director, Game & Platform Security - December 15, 2021
Late last week, a critical severity security vulnerability in the popular Java-based logging library “Log4j 2” was disclosed (CVE-2021-44228 aka “Log4Shell”). Like many other companies world-wide, EA is actively investigating whether this issue may impact our players, products, or services. At this point, we’ve determined that our Origin and EA app clients do not use Log4j and therefore are not impacted by CVE-2021-44228.
This is an ongoing event and our investigation will continue. We are working with partners both inside and outside EA to identify and address any additional risks.
We also would like to remind anyone that thinks they’ve found a vulnerability in an EA game or service, including Log4Shell, they can report it to us through our Coordinated Vulnerability Disclosure process. We take the security of our players seriously and encourage anyone that finds vulnerabilities in our products and services to contact us.