AWS fixes ‘confused deputy’ vulnerability in AppSync

Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources.

You can read the full article here.