AWS fixes 'confused deputy' vulnerability in AppSync

Datadog security researchers found the flaw before miscreants did

Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. ...