Amazon has quietly fixed a couple of security issues in its coding agent, the Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys, from a developer's machine, and to run arbitrary code.
"We're aware of this research and have made enhancements to the underlying language server (v1.24.0) as part of the Amazon Q Developer Extension for VS Code to address the behavior mentioned in the blog post," an AWS spokesperson told The Register. "Restarting the plugin will update it to the latest version that requires additional human-in-the-loop approval."
The updates come in response to AI security researcher Johann Rehberger's disclosures and bug-hunting expedition into the popular Amazon coding assistant, which has over 1 million downloads.
In a series of t