Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Critical Vulnerability in BlackBerry QNX Poses Risk to Millions of Devices

August 18, 2021

A significant security vulnerability has been identified in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS), which underpins a vast array of products, including automotive systems, medical equipment, and industrial machinery. This flaw, officially designated as CVE-2021-22156, carries a high Common Vulnerability Scoring System (CVSS) score of 9.0, indicating its severe potential consequences. Identified as part of the broader “BadAlloc” vulnerabilities suite, which was first disclosed by Microsoft in April 2021, this security breach could grant malicious actors unauthorized access and control over affected devices, jeopardizing both safety and functionality.

According to a recent advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a remote adversary could exploit CVE-2021-22156 to instigate a denial-of-service condition or execute arbitrary code on the vulnerable devices. While robust security measures are typically in place for such devices, this vulnerability exposes critical weaknesses that have not yet been actively exploited, according to current reports. Nonetheless, it’s essential for organizations relying on BlackBerry QNX to implement mitigation strategies promptly to safeguard against potential threats.

Currently, BlackBerry QNX technology is embedded in over 195 million vehicles and various embedded systems globally. The widespread use of this operating system raises alarm, particularly in sectors that manage sensitive operations, such as healthcare and transportation. A compromised device in these environments could lead to disastrous outcomes, emphasizing the urgent need for vigilance and proactive risk management among business owners.

The potential tactics employed by adversaries to exploit this flaw align with several categories outlined in the MITRE ATT&CK framework. For instance, initial access could be achieved by manipulating network protocols typical of these devices, allowing attackers to inject malicious payloads. Following this, persistence techniques might enable them to maintain access, while privilege escalation could facilitate broader control over the device’s functionalities.

While there have been no confirmed instances of active exploitation as of this writing, the implications of such a vulnerability cannot be overstated. Businesses that incorporate BlackBerry QNX into their technology stacks must consider this vulnerability as part of their broader cybersecurity strategy. Implementing effective countermeasures will be critical to maintaining operational integrity and mitigating risks associated with denied access to critical systems.

As organizations navigate the intricacies of cybersecurity, awareness and prompt action are crucial. The convergence of technology in everyday products makes these vulnerabilities equally relevant to consumers and companies alike. Business owners are encouraged to monitor updates from cybersecurity agencies and take immediate steps to address potential security gaps that may arise from this and similar vulnerabilities. Addressing these issues proactively not only enhances corporate security but fosters trust with customers reliant on safe and reliable technology.

Source link

Related Posts

Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats

A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.

Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers

Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution, which could lead to privilege escalation and authenticated remote code execution. These flaws are part of a trio reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The vulnerabilities have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate associated risks, the company has provided firewall rules for traffic filtering and recommends not exposing servers to the internet.

New Microsoft Exchange ‘ProxyToken’ Vulnerability Allows Attackers to Alter Mailbox Configurations

Details have surfaced regarding a recently patched security flaw in Microsoft Exchange Server that could be exploited by unauthenticated attackers to change server settings, potentially exposing Personally Identifiable Information (PII). The vulnerability, identified as CVE-2021-33766 (CVSS score: 7.3) and referred to as “ProxyToken,” was found by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. According to the ZDI, “With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users.” For instance, the attacker could redirect all emails sent to a targeted account to a mailbox they control. Microsoft addressed this issue in its Patch Tuesday updates for July 2021.