Please Upgrade TraderWorkstation (TWS)
On December 9, 2021, a critical security vulnerability in Apache's Log4j software library was disclosed, (now commonly referred to as “Log4Shell”). Log4j is very broadly used in a wide variety of consumer and enterprise services, websites, applications, and devices to log security and performance information. The vulnerability allows an unauthenticated remote actor to take control of an affected system and execute arbitrary code on it. The ubiquitous nature of Log4j and the ease of exploitation of the vulnerability makes this threat not only critical but also nearly universal.
WHAT IS IBKR DOING TO PROTECT ITS CLIENTS?
We are actively working, with high priority, to mitigate the threat on several levels:
- We have patched all our servers accessible externally (from the Internet) with a version of Log4j that is not susceptible to this vulnerability.
- We have upgraded our Trader Workstation (TWS) software and our TWS installers with a version of Log4j that is not susceptible to this vulnerability.
- We have updated our security infrastructure (including network firewalls, application firewalls, intrusion detection tools, etc.) with the latest protection measures that help detect and block cyber-attacks that attempt to exploit the Log4j vulnerability.
- We continue our ongoing efforts to fully identify and patch any impacted internal systems (those that are not accessible from the Internet).
- We continue monitoring the evolving industry threats and adopt additional mitigation measures as needed.
ACTION REQUIRED
We are committed to providing a secure environment for your assets and trading activities. To that end, we request that our clients give priority to the use of the LATEST TWS version, which will auto-update. Should you have the STABLE or any OFFLINE version, which does not auto-update, please ensure that you take the necessary steps to keep your TWS in line with the latest security fixes.