A hacker compromised Amazon’s Visual Studio Code extension by injecting malicious code that initially appeared to be a harmless message but could execute destructive commands. Amazon swiftly removed the malicious update and issued a safe version, reassuring users about the security of their systems. #AmazonQ #GitHubSecurity
Key points
- A hacker gained unauthorized access to Amazon’s GitHub repository for the Q Developer Extension.
- The malicious commit included a data-wiping prompt that could delete files and cloud resources.
- Amazon was unaware of the breach initially and unknowingly published a compromised version.
- Security researchers identified the malicious code, prompting Amazon to release a clean update.
- Users are advised to update to version 1.85.0 to ensure their systems are protected.