understatement
Amazon can't be trusted with the big gun. But Amazon is going to have to get out the same big gun to fix this one.
Big problem one is not running a "malicious binary named java", it's running the bog-standard binary named java with root privileges on the _host_ server.
Big problem two is that asking all their customers to patch their containers is not sufficient, because it's the ones who **don't want** to patch their containers that they should be worried about.
So it's fine if customers patch, but isn't Amazon going to have to do the same nasty root cleanup in reverse on all the customers who didn't patch?