AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

August 8, 2024 at 06:30AM

AWS recently addressed potentially critical vulnerabilities disclosed by Aqua Security at Black Hat, including flaws that could have allowed attackers to take over accounts. The security holes could have enabled arbitrary code execution, account control, data exposure, DoS attacks, data exfiltration, and AI model manipulation in AWS services such as CloudFormation, Glue, and others.

From the meeting notes:

– AWS recently patched potentially critical vulnerabilities, including flaws that could have been exploited to take over accounts, according to Aqua Security.
– Details of the vulnerabilities were disclosed at the Black Hat conference, and a blog post with technical details will be made available.

The vulnerabilities could have been exploited to execute arbitrary code, gain control of AWS accounts, expose sensitive data, conduct denial-of-service attacks, exfiltrate data, and manipulate AI models. They were found in AWS services such as CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar.

Researchers described a method named ‘Bucket Monopoly’, in which attackers preemptively create S3 buckets in all available regions to perform what they called a ‘land grab’. This could allow an attacker to execute malicious code and create an admin user with elevated privileges.

Aqua Security researchers also announced the release of an open-source tool and presented a method for determining whether accounts were vulnerable to this attack vector in the past.
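The defensive counterpart to the ‘land grab’ described above is an ownership audit: for every region, derive the bucket name a service would expect to use and check whether that name is already held by another account. The following is an added example, not Aqua Security's tool or any AWS code. It runs offline against a constructed S3 state; the `expected_bucket_name` template and all account ids and bucket names are hypothetical, since this page does not give the real per-service naming patterns.

```python
"""Added example: offline audit for service-bucket squatting across AWS regions.

S3 bucket names are global, so a name claimed by another account in any
region is unavailable to you everywhere. The audit classifies each expected
name as owned, squatted (exists in someone else's account) or unclaimed.
The naming template and sample data are constructed for illustration.
"""
from enum import Enum
from typing import Callable, Dict, Iterable, List


class Status(Enum):
    OWNED = "owned"          # bucket exists and is in this account
    SQUATTED = "squatted"    # bucket exists but belongs to another account
    UNCLAIMED = "unclaimed"  # no such bucket yet; safe to reserve it yourself


def expected_bucket_name(service: str, account_id: str, region: str) -> str:
    # Hypothetical template. Substitute the real pattern of the service you audit.
    return f"{service}-{account_id}-{region}"


def audit_regions(
    services: Iterable[str],
    account_id: str,
    regions: Iterable[str],
    probe: Callable[[str], Status],
) -> Dict[str, Status]:
    """Return {bucket_name: Status} for every (service, region) pair."""
    results: Dict[str, Status] = {}
    for service in services:
        for region in regions:
            name = expected_bucket_name(service, account_id, region)
            results[name] = probe(name)
    return results


def group_by_status(results: Dict[str, Status]) -> Dict[Status, List[str]]:
    """Bucket the audit results by status so squatted names stand out."""
    grouped: Dict[Status, List[str]] = {s: [] for s in Status}
    for name, status in results.items():
        grouped[status].append(name)
    return grouped


# --- Constructed S3 state standing in for live HeadBucket calls ---------------
# With boto3 the probe would call s3.head_bucket(Bucket=name): success means the
# bucket is yours, a ClientError with HTTP 403 means it exists in another
# account, and 404 means it does not exist. A dict {name: owner} emulates that.
OUR_ACCOUNT = "111111111111"  # constructed account id
CONSTRUCTED_S3 = {
    "cfn-111111111111-us-east-1": OUR_ACCOUNT,     # created by us
    "cfn-111111111111-eu-west-1": "999999999999",  # constructed squatter
    # "cfn-111111111111-ap-south-1" does not exist yet
}


def constructed_probe(name: str) -> Status:
    owner = CONSTRUCTED_S3.get(name)
    if owner is None:
        return Status.UNCLAIMED
    return Status.OWNED if owner == OUR_ACCOUNT else Status.SQUATTED


def run_audit() -> Dict[Status, List[str]]:
    regions = ["us-east-1", "eu-west-1", "ap-south-1"]  # constructed subset
    results = audit_regions(["cfn"], OUR_ACCOUNT, regions, constructed_probe)
    return group_by_status(results)


if __name__ == "__main__":
    for status, names in run_audit().items():
        print(f"{status.value:>9}: {', '.join(names) or '-'}")
```

Names reported as unclaimed are the ones worth creating yourself (with a restrictive bucket policy) before a service first runs in that region; names reported as squatted need the service configured to use a differently named bucket and a review of what the service may already have written there.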

Additional related developments include AWS deploying the ‘Mithra’ neural network to predict and block malicious domains, a vulnerability that allowed takeover of an AWS Apache Airflow service, and Wiz reporting that 62% of AWS environments were exposed to Zenbleed exploitation.
