*US Cybersecurity and Infrastructure Security Agency (CISA) says such vulnerabilities 鈥榗ould result in a malicious actor gaining control of highly sensitive systems鈥�

Isola Moses | 绿帽献妻

In a move to prevent an attacker from flooding a server with traffic that could crash or execute an arbitrary code, BlackBerry, a software design company, has announced it had discovered a critical vulnerability (CVSS score 9.0) in its QNX real-time operating system (QNX RTOS).

绿帽献妻 learnt the development has prompted a warning from US Cybersecurity and Infrastructure Security Agency (CISA).

BlackBerry鈥檚 software is used by major automakers, including BMW, Ford Motor, and Volkswagen, agency report noted.

The regulatory agency stated that vulnerabilities 鈥渃ould result in a malicious actor gaining control of highly sensitive systems.鈥�

Among the functions, the software controls are the Advanced Driver Assistance System. A flaw in QNX RTOS could allow an attacker to flood a server with traffic until it crashed or execute an arbitrary code, report said.

CISA also noted that the exploit of vulnerabilities 鈥渃ould result in unexpected behaviour such as a crash.鈥�

The Canadian software developer claims the vulnerability affects older versions of QNX RTOS, dating from 2012 and back, report Reuters.

However, there is no indication that the flaw was abused thus far, according to report.

Therefore, in view of the fact that the BlackBerry software is also used to run medical equipment, the US Food and Drug Administration (FDA) stated that it was not aware of any adverse events.

FDA claimed that vulnerabilities 鈥渕ay introduce risks for certain medical devices and drug manufacturing equipment.鈥�

It is as well noted BlackBerry initially denied that the BadAlloc vulnerability had any impact on its product.

Other companies affected by the same vulnerability went public May 2021, whereas BlackBerry denied impact on its products and refused to acknowledge the flaw publicly, reports Politico.

Since the heyday of BlackBerry鈥檚 once-popular smartphones is long gone, the company has shifted towards making software for industrial equipment, report stated.

The Canadian company, nonetheless, boasts that besides the automotive and health sectors, QNX is used by aerospace and defense, rail, robotics, and other sectors.

Kindly Share This Story

 

听