Wiz security researcher Elad Gabay reported that they discovered a critical vulnerability in the Oracle Cloud Infrastructure (OCI), which a customer may have exploited to read/write another customer’s data on the same platform without permission.
This means the vulnerability could allow any Oracle customer unauthorized access to the Cloud storage data of another customer.
The good news is that when Wiz researchers notified Oracle about the bug, the IT firm fixed it within 24 hours. The even better news is that customers don’t need to do anything regarding the fix.
Dubbed AttachMe by researchers, the vulnerability is one of the best examples of cloud isolation vulnerabilities and how threat actors can exploit the flaws to gain unauthorized access to someone else’s data.
The vulnerability, according to Wiz’s blog post, was discovered by Wiz in June 2022 and was regarded as one of the ...
Copyright of this story solely belongs to hackread.com . To see the full text click HERE