Security News > 2020 > August > Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform

Details tied to a pair of remote code execution bugs in Microsoft's IoT security platform called Azure Sphere were released Monday.

Public disclosure of all four of the bugs piggyback on six vulnerabilities found in July also impacting Microsoft's Azure Sphere.

The second code execution vulnerability outlined by researchers impacts Microsoft Azure Sphere 20.07 and is based on the assumption a local attacker can introduce a compromised application into the IoT ecosystem.

The vulnerability, according to researchers, can be exploited by an application that hides in Azure Sphere and executes a process within Microsoft's custom Linux-based OS - part of Azure Sphere.

"An attacker can use the ptrace API to gain execution in another Azure Sphere process and use its Azure Sphere capabilities to access an entirely new set of IOCTL requests," Cisco Talos wrote.

News URL

https://threatpost.com/four-more-bugs-patched-in-microsofts-azure-sphere-iot-platform/158643/