Researchers Attending Black Hat Conference Expose AWS Vulnerabilities


Critical AWS Vulnerabilities Discovered by Security Researchers

Security researchers have uncovered six critical vulnerabilities in various AWS services that could have led to remote code execution, data exfiltration, and even account takeover. The vulnerabilities, which were disclosed at the Black Hat security conference, have since been fixed by AWS, but the researchers warned that similar vulnerabilities could exist in other AWS and open source services.

The vulnerabilities were discovered by Aqua Security researchers, who found flaws in services such as CloudFormation, Glue, EMR, and SageMaker. These vulnerabilities could have affected any organization that has ever used these services, highlighting the widespread impact of the potential security risks.

The researchers detailed their findings in a blog post to be published during the DEFCON conference, shedding light on the attack vector they dubbed “Shadow Resources.” This technique involved exploiting AWS S3 buckets created to support various services, including a method called “Bucket Monopoly” that could enhance the success rate of attacks.

AWS is investigating whether any customers were affected by these vulnerabilities and is contacting potentially impacted organizations. The researchers commended AWS for its prompt response and collaboration during the disclosure and mitigation process.

To prevent similar attacks in the future, the researchers provided mitigation strategies such as defining a scoped policy for service roles, verifying the owner of S3 buckets, and using unique identifiers for bucket names. These measures aim to strengthen security protocols and protect against potential exploitation of AWS services.
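The three mitigations above, as an added Python example (not code from the researchers or from AWS): a service-role policy pinned to the account with the aws:ResourceAccount condition, a bucket name with a random suffix, and an ownership check that passes ExpectedBucketOwner to HeadBucket. The FakeS3 class is a constructed offline stand-in for a boto3 client; with a real client, pass boto3.client("s3") instead.

```python
import secrets


def scoped_service_role_policy(account_id: str, bucket_name: str) -> dict:
    """IAM policy for a service role that grants S3 access to one bucket, and
    only when that bucket lives in account_id. S3 bucket ARNs carry no account
    ID, so without the aws:ResourceAccount condition the role would read and
    write a same-named bucket created by a stranger."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket_name}",
                         f"arn:aws:s3:::{bucket_name}/*"],
            "Condition": {"StringEquals": {"aws:ResourceAccount": account_id}},
        }],
    }


def unique_bucket_name(prefix: str, region: str) -> str:
    """Bucket name with a random 64-bit suffix, so nobody can create it ahead
    of you in a region you have not used yet."""
    return f"{prefix}-{region}-{secrets.token_hex(8)}"


def verify_bucket_owner(s3, bucket: str, expected_account: str) -> bool:
    """HeadBucket with ExpectedBucketOwner: S3 answers 403 when the bucket is
    owned by another account. Returns False on that 403 (the caller must then
    refuse to use the bucket); any other error propagates unchanged."""
    try:
        s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=expected_account)
    except Exception as exc:  # boto3 raises ClientError carrying .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in ("403", "AccessDenied"):
            return False
        raise
    return True


class FakeS3:
    """Constructed offline stand-in for a boto3 S3 client: bucket -> owner."""
    def __init__(self, owners: dict):
        self.owners = owners

    def head_bucket(self, Bucket: str, ExpectedBucketOwner=None):
        owner = self.owners.get(Bucket)
        if owner is None or (ExpectedBucketOwner and owner != ExpectedBucketOwner):
            exc = Exception("HeadBucket failed")
            exc.response = {"Error": {"Code": "404" if owner is None else "403"}}
            raise exc
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}
```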

Overall, the discovery of these vulnerabilities serves as a reminder of the ever-evolving cybersecurity landscape and the importance of proactive security measures to safeguard data and assets in the cloud.
