Amazon WorkSpaces, AppStream 2.0, and DCV Clients Man-in-the-Middle Vulnerability
Vulnerability
A man-in-the-middle vulnerability has been identified in the native clients for Amazon WorkSpaces (when using the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV. This vulnerability allows an attacker to access remote sessions by intercepting the communication between the client and the server. The issue affects specific versions of these clients, as detailed below.
Impact
Exploitation of this vulnerability could lead to unauthorized access to remote sessions in Amazon WorkSpaces, AppStream 2.0, or via Amazon DCV, allowing interception and potentially manipulation of the session data.
Remediation
Users are advised to upgrade to the latest versions of the affected clients. The specific versions that include the fix vary by application and operating system, so users should consult the AWS security bulletin for detailed upgrade instructions.
