Amazon fixed the problem: Through the AWS Vulnerability Disclosure Program (VDP), researchers found that AWS's own internal non-production systems were vulnerable, potentially allowing attackers to execute code within AWS infrastructure. The issue was disclosed and promptly fixed in September 2024.

A little later, on December 1, 2024, AWS introduced Allowed AMIs, a feature that lets users define a trusted allow list for AMI selection, mitigating the whoAMI name confusion attack.

The blog post included a list of queries developers can use to identify risky patterns in their code, along with a link to the open-source tool, whoAMI-scanner, for detecting untrusted AMIs in customer environments.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3825098/whoami-name-confusion-attacks-can-hack-into-aws-accounts-for-code-execution.html

