Threat actors could abuse serious vulnerabilities in AWS hot patches for Apache Log4j flaws to elevate privileges and escape containers, reports SecurityWeek.
Once any of the hot patches is installed, any container on the server or cluster could exploit it to take over the host, a report from Palo Alto Networks' Unit 42
"A malicious container therefore could have included a malicious binary named 'java' to trick the installed hot patch solution into invoking it with elevated privileges. The malicious 'java' process could then abuse its elevated privileges to escape the container and take over the underlying host," said researchers, who noted that the security issues could be exploited regardless of container configuration.
AWS issued fixes on Tuesday to address the container escape and privilege escalation issues.