Amazon Web Services has closed two vulnerabilities in its core services. One of which could have allowed any user to access and take control of any company’s infrastructure. Another vulnerability in the CloudFormation service allowed the researchers to compromise a CF server and run as an AWS infrastructure service. The attack chain that involves compromising a core service, escalating privileges, and using that privilege to attack other users is not limited to Amazon. Cloud providers should work to improve isolation of their services to prevent attackers from using vulnerabilities in core services to compromise the security model.”]
Source: https://www.darkreading.com/cloud/new-vulnerabilities-highlight-risks-of-trust-in-public-cloud