Security News > 2021 > August > CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System used by critical infrastructure organizations.
BlackBerry QNX powers critical infrastructure systems.
Remote attackers could exploit devices running older versions of BlackBerry QNX products unpatched against BadAlloc to trigger denial-of-service conditions or execute arbitrary code on vulnerable QNX-based systems.
"BlackBerry QNX RTOS is used in a wide range of products whose compromise could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation's critical functions," CISA warned.
"CISA strongly encourages critical infrastructure organizations and other organization developing, maintaining, supporting, or using affected QNX-based systems, to patch affected products as quickly as possible."
The warnings come after BlackBerry disclosed earlier today that BadAlloc also impacts QNX Software Development Platform, QNX OS for Medical, and QNX OS for Safety.
News URL
Related news
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors (source)