Head Topics

Oracle Cloud fixes ‘critical’ data-access vulnerability

South Africa News News

Oracle Cloud fixes ‘critical’ data-access vulnerability
South Africa Latest News,South Africa Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 39 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 19%
  • Publisher: 61%

Oracle Cloud at one point would let you access any other customer's data

A"critical" Oracle Cloud Infrastructure vulnerability could have been exploited by any customer to gain read and write access to data belonging to any other OCI customer without any permission checks, according to Wiz security researchers.

Essentially, the flaw, as described by Wiz, could be exploited thus: if you knew the Oracle Cloud Identifier for another customers' storage volume – which is not a secret – you could attach that volume to your own virtual machine in Oracle's cloud as long as the volume wasn't already attached or supported multi-attachment. So, obtain the identifier, attach a volume, access it as if it was yours, including any sensitive information on it.

Gaining write access, Gabay explained,"could be used to manipulate any data on the volume, including the operating system runtime , thus gaining code execution over the remote compute instance and a foothold in the victim's cloud environment, once the volume is used to boot a machine."

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

South Africa Latest News, South Africa Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

A follow up to 2016's trippiest FPS just released on Steam, and it's a thousand times trippierA follow up to 2016's trippiest FPS just released on Steam, and it's a thousand times trippierHyper Demon may be even better than Devil Daggers.
Read more »

Rail chaos which ruined mourners’ journeys continues for second dayRail chaos which ruined mourners’ journeys continues for second dayDisruption to train services which caused thousands of mourners to miss the Queen’s funeral will continue until noon on Tuesday, passengers were warned.
Read more »

Apple acknowledges iPhone 14 Pro camera bug, preps fixApple acknowledges iPhone 14 Pro camera bug, preps fixA camera shake issue with some apps getting a quick fix
Read more »

'Brilliant' plans for new Lidl and Wickes store in town'Brilliant' plans for new Lidl and Wickes store in townWorkers are currently on site constructing access from Nottingham Road
Read more »

Oracle releases Java 19 with seven significant enhancementsOracle releases Java 19 with seven significant enhancementsUpstart CPU integration, incremental improvements – just the way cautious corporate customers like it
Read more »

Uber ‘in contact with the FBI’ over potential GTA 6 hacker | VGCUber ‘in contact with the FBI’ over potential GTA 6 hacker | VGCUber says it's ‘in contact with the FBI’ over an attacker who could potentially also be behind this weekend's GTA 6 leak.
Read more »



Render Time: 2025-04-08 12:26:16