The newer Log4j vulnerability (CVE-2021-45046) can allow remote code execution in some circumstances on macOS.
State actors from China, Iran, North Korea and other countries are targeting the Log4j (CVE-2021-44228) flaw.
John Hammond of Huntress discusses the seriousness of the Apache Log4j vulnerability, the community response, and how attackers are exploiting it.
While a patch is available from the Apache Software Foundation, researchers say that numerous companies may need to wait until vendors push security updates out to their own products.
Attackers were scanning for CVE-2021-41773 in the Apache web server several days before the flaw was disclosed publicly.