AWS Updates Feed

← トップに戻る

AWS Updates - 2025-11-21

AWS Security Blog

Practical steps to minimize key exposure using AWS Security Services

Exposed long-term credentials continue to be the top entry point used by threat actors in security incidents observed by the AWS Customer Incident Response Team (CIRT). The exposure and subsequent use of long-term credentials or access keys by threat actors poses security risks in cloud environments. Additionally, poor key rotation practices, sharing of access keys […]

Accelerate investigations with AWS Security Incident Response AI-powered capabilities

If you’ve ever spent hours manually digging through AWS CloudTrail logs, checking AWS Identity and Access Management (IAM) permissions, and piecing together the timeline of a security event, you understand the time investment required for incident investigation. Today, we’re excited to announce the addition of AI-powered investigation capabilities to AWS Security Incident Response that automate […]

AWS Security Bulletins

Call audio termination issue in AWS Wickr desktop clients

Bulletin ID: AWS-2025-029
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/21 12:15 PM PDT

Description:

AWS Wickr is an end-to-end encrypted service that helps organizations communicate securely through messaging, voice and video calling, file sharing, and screen sharing.

We identified CVE-2025-13524, which describes an issue in the Wickr calling service. Under certain conditions, which require the affected user to take a particular action within the application, the user’s audio stream remains open after they close their call window. This could result in audio from the affected user’s device continuing to stream unexpectedly to other call participants until those users drop the call, the affected user joins another call, or the affected user terminates their application.

Impacted versions:

AWS Wickr, Wickr Gov and Wickr Enterprise desktop (Windows, Mac and Linux) versions prior to 6.62.13.