Researchers with Palo Alto Networks’ Unit 42 said Tuesday that every container in a server or cluster environment could exploit the AWS patch to take over its underlying host. For instance, containers in a Kubernetes cluster in which the hot patch is installed can escape until either the hot patch is disabled or an upgrade is made to the fixed version, according to Principal Security Researcher Yuval Avrahami. “We realized quickly this is something big,” Ariel Zelivansky, Palo Alto Networks’ director of security research, tells Information Security Media Group. “This is something that affects many users, not only on AWS, and it’s something that will be hard to mitigate as well. So the impact was great.” Containers can escape regardless of whether they run Java applications or whether their underlying host runs Bottlerocket, AWS’ hardened Linux distribution for containers, Palo Alto Networks found. The hot patches released by AWS cover stand-alone servers, Kubernetes clusters, Elastic Container Service clusters and Fargate, and can be installed on any cloud or on-premises environment, not just AWS (see: Crypto Platform Suffers Log4j-Related Ransomware Attack).
TALLAHASSEE, FL – Advanced Manufacturing International (AMI) has been awarded a $2M grant