- This topic has 1 voice and 0 replies.
-
Posts
-
-
#News(Security) [ via IoTForIndiaGroup ]
Researchers at the mobile security firm Zimperium announced that a member of their team had identified 13 vulnerabilities in the FreeRTOS open source project, one of the most popular operating systems for IoT devices.
The CVEs that researcher Ori Karliner turned up were some real doozies, including vulnerabilities that could lead to remote code executions, denial of service, information leaks, and one which was left undefined. While these exploits have not yet received a CVSS score, it is safe to assume that they will be on the higher end of the spectrum.According to their release, the Zimperium team has reached out to Amazon, which maintains the FreeRTOS open source project, alerting them to the vulnerability and worked with them to produce patches for exploitable components.
Due to the need to alert a wide range of stakeholders who are using the vulnerable FreeRTOS open source components in their products’ software, the researchers have reserved CVEs with MITRE and the National Vulnerability Database (NVD), but are withholding details pertaining how to carry out the attacks for a reported 30 days so that hackers cannot gain a quick and easy payday off of their work.
-
- You must be logged in to reply to this topic.
