Twilio’s Response to the Log4J Vulnerability

Twilio has acknowledged a zero-day vulnerability in the Java logging library Log4j (CVE-2021-44228) that was publicly disclosed by Apache on December 9, 2021. Upon identifying the security advisory, Twilio initiated its security incident response process to evaluate potential impacts and initiate remediation steps. The company is currently working to patch affected Log4j versions as quickly as possible while also setting up detective and preventive controls to protect against exploitation of their environment. As of now, there have been no instances of exploitation within Twilio's environment. They will notify customers if any unauthorized access is discovered.