Multiple Vulnerabilities Found in FreeRTOS
zLabs researcher Ori Karliner has found [1] multiple critical vulnerabilities in the open source real-time embedded operating system FreeRTOS.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” wrote Karliner in a blog post.
Karliner said that these vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it.
FreeRTOS is a popular option for IoT and embedded devices. It has been ported to over 40 pieces of hardware. The vulnerability affects FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS, and SafeRTOS (With WHIS Connect middleware TCP/IP components) .
zLabs informed AWS about the flaws and worked with AWS to patch these vulnerabilities. AWS has already deployed patches for AWS FreeRTOS versions 1.3.2 and onwards.
Related content
- Is Google Working on a New Operating System?
- Microsoft Acquired RTOS Company
-
News for Admins
Stack Overflow Compromised; Docker Hub Breached; Microsoft Brings Linux to Windows 10; Running Oracle? Get Ready for Almost 300 Patches and Microsoft Acquired RTOS Company.
- A New Linux Vulnerability Could Provide Root Access to Systems
-
Azure Sphere for Internet of Things
Microsoft Azure Sphere links three vital elements of the Internet of Things – microcontrollers, software, and cloud service – with a focus on security.