Brown’s Office of Information Technology (OIT) has recently learned that IBM’s SPSS Statistics application is vulnerable to the “log4j'' exploit, which can allow unauthorized users to take over your Windows or Mac computer. Starting on January 24, OIT is automatically updating the susceptible SPSS files on Brown-managed Mac and Windows computers, so you do not need to take action. If your computer is not in Brown’s management systems, and you have SPSS installed on your computer, please visit software.brown.edu, click the link for your version of SPSS (25 through 27) and follow the instructions to install the fix manually from the links in the right-hand menu.
If you are running SPSS 24 or below, you should upgrade your software to current/supported versions from software.brown.edu.
To check if your system has been updated:
1. Click Start Menu
2. Type File Explorer and hit enter
3. Click on "This PC" on the left pane
4. Browse to the folder location based on your version of the software (25, 26, or 27)
1. Open Finder
2. Click on Applications
3. Locate "SPSS Statistics.app" (This will be nested in at least one folder labeled "IBM")
4. Right click on SPSS Statistics.app and select "Show Package Contents" to browse to the folder path defined below.
|Folder Location||Files to look for|
Windows: C:\Program Files\IBM\SPSS\Statistics\25\
Windows: C:\Program Files\IBM\SPSS\Statistics\26\
Windows: C:\Program Files\IBM\SPSS\Statistics\27\
Mac: Applications/IBM SPSS Statistics 27/SPSS Statistics.app/Contents/bin/
If these files are present in the noted location, your computer has been patched for the SPSS Log4j vulnerability