The vulnerability, AttachMe, compromises the security of cloud isolation by allowing threat actors to access other users’ OCI storage volumes without permission, capture and modify sensitive data stored on the volume, and execute code on affected systems. Successfully exploiting the vulnerability requires threat actors to capture the Oracle Cloud Identifier provided to an Oracle Cloud Infrastructure user and insert it into their Oracle Cloud virtual machine. Oracle Cloud infrastructure does not have a security mechanism that checks who owns this identifier. Therefore, threat actors can easily add the identifier to their virtual machines and gain access to the storage units of the Cloud customer that owns the identifier.
AttachMe: The Critical Vulnerability in Oracle Cloud Infrastructure
AttachMe: The Critical Vulnerability in Oracle Cloud Infrastructure
A critical security vulnerability has been identified in the Oracle Cloud infrastructure,called AttachMe, that threat actors can exploit to access the virtual disks of Oracle customers.
Share This:
- Categories
- Latest News
-
Konni (Vedalia / TA406 / Opal Sleet): North Korea’s Steady Hand in Espionage Operations -
Warlock Group: The Rise of GOLD SALEM (Storm-2603) in 2025’s Ransomware Landscape -
DarkHotel (APT-C-06 / ATK52 / DUBNIUM): The Global Espionage Network Behind Elite Cyber Intrusions -
Kasablanka: The Emerging North African Cyber Threat Actor -
Looking at Your Company Through the Eyes of an Attacker: What Is an Attacker's-Eye View?
- Follow Us on Social Media!