Details about the severity and scope of the vulnerability are still emerging, including whether any real-world applications have been detected using vulnerable configurations of the impacted library.
The newer Log4j vulnerability (CVE-2021-45046) can allow remote code execution in some circumstances on macOS.
State actors from China, Iran, North Korea and other countries are targeting the Log4j (CVE-2021-44228) flaw.
John Hammond of Huntress discusses the seriousness of the Apache Log4j vulnerability, the community response, and how attackers are exploiting it.
While a patch is available from the Apache Software Foundation, researchers say that numerous companies may need to wait until vendors push security updates out to their own products.