Security News > 2021 > August > CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System used by critical infrastructure organizations.
BlackBerry QNX powers critical infrastructure systems.
Remote attackers could exploit devices running older versions of BlackBerry QNX products unpatched against BadAlloc to trigger denial-of-service conditions or execute arbitrary code on vulnerable QNX-based systems.
"BlackBerry QNX RTOS is used in a wide range of products whose compromise could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation's critical functions," CISA warned.
"CISA strongly encourages critical infrastructure organizations and other organization developing, maintaining, supporting, or using affected QNX-based systems, to patch affected products as quickly as possible."
The warnings come after BlackBerry disclosed earlier today that BadAlloc also impacts QNX Software Development Platform, QNX OS for Medical, and QNX OS for Safety.
News URL
Related news
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)