aws-iot-device-sdk-v2 uses insecure certificate validation. Attackers are able to compromise certificate authorities in their trust stores on macOS, by spoofing DNS records to bypass CA pinning.
http://github.com/aws/aws-iot-device-sdk-cpp-v2
http://github.com/aws/aws-iot-device-sdk-java-v2
http://github.com/aws/aws-iot-device-sdk-js-v2
http://github.com/aws/aws-iot-device-sdk-js-v2/pull/159
http://github.com/aws/aws-iot-device-sdk-js-v2/pull/159/commits/f53747afc4170b1fa1ac9a14f372b44b5cd41d2d
http://github.com/aws/aws-iot-device-sdk-python-v2
http://github.com/awslabs/aws-c-io/
http://github.com/awslabs/aws-crt-java/commit/e60484086d1b94750568324a51c0da37d7cc818b
http://github.com/awslabs/aws-crt-python/commit/2c7b49f5defe5d5f34a01c9c446b96b8d1897908