A security flaw in Amazon WorkSpaces client for Linux can allow attackers to extract authentication tokens and access corporate environments unauthorizedly. This vulnerability emphasizes the importance of prompt patching and robust endpoint security measures. #AmazonWorkSpaces #CVE202512779
Keypoints
- The vulnerability affects Amazon WorkSpaces client versions 2023.0 to 2024.8 on Linux systems.
- Improper session isolation allows local users to retrieve authentication tokens and impersonate others.
- Amazon has released a fix in version 2025.0 and recommends immediate updates and security practices.
- The flaw has a high CVSS score of 8.8, with no current signs of active exploitation but potential PoC risks.
- Organizations should strengthen endpoint security, enforce MFA, and monitor authentication activities to mitigate risks.
Read More: https://www.esecurityplanet.com/news/amazon-workspaces-linux-vulnerability/