Multiple Vulnerabilities Found in FreeRTOS

Millions of IoT and embedded devices could be vulnerable.

zLabs researcher Ori Karliner has found [1] multiple critical vulnerabilities in the open source real-time embedded operating system FreeRTOS.

“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” wrote Karliner in a blog post.

Karliner said that these vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it.

FreeRTOS is a popular option for IoT and embedded devices. It has been ported to over 40 pieces of hardware. The vulnerabilities affect FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components).

zLabs informed AWS about the flaws and worked with AWS to patch these vulnerabilities. AWS has already deployed patches for AWS FreeRTOS versions 1.3.2 and onwards.

Source: [1] https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/

10/22/2018
