Multiple Vulnerabilities Found in FreeRTOS
zLabs researcher Ori Karliner has found [1] multiple critical vulnerabilities in the open source real-time embedded operating system FreeRTOS.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” wrote Karliner in a blog post.
Karliner said that these vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it.
FreeRTOS is a popular option for IoT and embedded devices. It has been ported to over 40 pieces of hardware. The vulnerability affects FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS, and SafeRTOS (With WHIS Connect middleware TCP/IP components) .
zLabs informed AWS about the flaws and worked with AWS to patch these vulnerabilities. AWS has already deployed patches for AWS FreeRTOS versions 1.3.2 and onwards.
Related content
- Is Google Working on a New Operating System?
- Microsoft Acquired RTOS Company
-
News for Admins
Stack Overflow Compromised; Docker Hub Breached; Microsoft Brings Linux to Windows 10; Running Oracle? Get Ready for Almost 300 Patches and Microsoft Acquired RTOS Company.
-
Azure Sphere for Internet of Things
Microsoft Azure Sphere links three vital elements of the Internet of Things – microcontrollers, software, and cloud service – with a focus on security. - A New Linux Vulnerability Could Provide Root Access to Systems
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
