BlackBerry told customers this week that the QNX embedded operating system is vulnerable to a BadAlloc flaw that might result in arbitrary code execution or a loss of service.
BadAlloc is a collection of 25 vulnerabilities that affect a wide range of Internet of Things (IoT) and operational technology (OT) devices. It was first publicly disclosed in April. Malicious attackers might use the flaws to take control of extremely sensitive systems.
“In order to exploit this vulnerability, an attacker must have control over the parameters to a calloc() function call and the ability to control what memory is accessed after the allocation. To remotely exploit this vulnerability, an attacker would require network access and the devices would need to have a vulnerable service running and exposed,” BlackBerry said.
To Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News.