Security News > 2021 > August > CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System used by critical infrastructure organizations.
BlackBerry QNX powers critical infrastructure systems.
Remote attackers could exploit devices running older versions of BlackBerry QNX products unpatched against BadAlloc to trigger denial-of-service conditions or execute arbitrary code on vulnerable QNX-based systems.
"BlackBerry QNX RTOS is used in a wide range of products whose compromise could result in a malicious actor gaining control of highly sensitive systems, increasing risk to the Nation's critical functions," CISA warned.
"CISA strongly encourages critical infrastructure organizations and other organization developing, maintaining, supporting, or using affected QNX-based systems, to patch affected products as quickly as possible."
The warnings come after BlackBerry disclosed earlier today that BadAlloc also impacts QNX Software Development Platform, QNX OS for Medical, and QNX OS for Safety.
News URL
Related news
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)