FreeRTOS, a popular real-time operating system kernel for embedded devices, has been found to have 13 vulnerabilities, as reported by Bleeping Computer yesterday. Some of these 13 vulnerabilities allow remote code execution.
FreeRTOS supports more than 40 hardware platforms and powers microcontrollers in a diverse range of products, including temperature monitors, appliances, sensors, fitness trackers, and other microcontroller-based devices. It works at a smaller component scale and lacks the complexity that comes with more elaborate hardware, but it allows processing of data as it comes in.
A researcher at Zimperium, Ori Karliner, analyzed the operating system and found that all of its varieties are vulnerable to:
Here’s a full list of the vulnerabilities that affect FreeRTOS, with their identifiers:
| CVE identifier | Type |
| --- | --- |
| CVE-2018-16522 | Remote Code Execution |
| CVE-2018-16525 | Remote Code Execution |
| CVE-2018-16526 | Remote Code Execution |
| CVE-2018-16528 | Remote Code Execution |
| CVE-2018-16523 | Denial of Service |
| CVE-2018-16524 | Information Leak |
| CVE-2018-16527 | Information Leak |
| CVE-2018-16599 | Information Leak |
| CVE-2018-16600 | Information Leak |
| CVE-2018-16601 | Information Leak |
| CVE-2018-16602 | Information Leak |
| CVE-2018-16603 | Information Leak |
| CVE-2018-16598 | Other |
FreeRTOS versions up to V10.0.1, AWS FreeRTOS up to V1.3.1, and OpenRTOS and SafeRTOS (with WHIS Connect middleware TCP/IP components) are affected.
Amazon has been notified of the situation. In response to this, the company has released patches to mitigate the problems.
Per the report, “Amazon decided to become involved in the development of the product for the Internet-of-Things segment. The company extended the kernel by adding libraries to support cloud connectivity, security and over-the-air updates.”
According to Bleeping Computer, “Zimperium is not releasing any technical details at the moment. This is to allow smaller vendors to patch the vulnerabilities. The wait time expires in 30 days.”
To learn more about these vulnerabilities, see the full coverage by Bleeping Computer.