The Apache Software Foundation has fixed two important security flaws in version 2.4.56 of its HTTP Server.
Details about the severity and scope of the vulnerability are still emerging, including whether any real-world applications have been found using vulnerable configurations of the impacted library.
The newer Log4j vulnerability (CVE-2021-45046) can allow remote code execution in some circumstances on macOS.
State actors from China, Iran, North Korea and other countries are targeting the Log4j (CVE-2021-44228) flaw.
John Hammond of Huntress discusses the seriousness of the Apache Log4j vulnerability, the community response, and how attackers are exploiting it.