2015/07/28 - 6:00PM PST


AWS is aware of the recently reported Android security issues described in: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. These issues present a risk to all data present on your Android device, which may include AWS API or console credentials you have used on that device.


AWS customers who have been using an Android device to access AWS resources, such as the AWS console or using your Android device as a MFA device, should discontinue use of their Android device to access AWS resources, rotate their AWS credentials that were used after July 25, 2015 on the Android device immediately, and check with their Android device or phone provider to ensure it is patched for the previously mentioned CVEs before continuing to use the device to access AWS resources.

For additional information regarding how to rotate your credentials, please see here