AWS Log4Shell Patch Has 'Severe Security Issues': Unit 42
Healthcare Info Security
Amazon Web Services has fixed "severe security issues" in hot patches it released in December to address the Log4Shell vulnerability in Java applications and containers.
Researchers with Palo Alto Networks' Unit 42 said Tuesday that every container in a server or cluster environment could exploit the AWS patch to take over its underlying host. For instance, containers in a Kubernetes cluster in which the hot patch is installed can escape until either the hot patch is disabled or an upgrade is made to the fixed version, according to Principal Security Researcher Yuval Avrahami.
"We realized quickly this is something...