Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices, which powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.
According to a new report Armis researchers shared with The Hacker News prior to its release, the vulnerabilities are collectively dubbed URGENT/11 because there are 11 in total, 6 of which are critical in severity and could lead to ‘devastating’ cyberattacks.
Armis Labs is the same IoT security company that previously discovered the BlueBorne vulnerabilities in the Bluetooth protocol that impacted more than 5.3 billion devices, from Android, iOS, Windows and Linux to the Internet of Things (IoT).
These vulnerabilities could allow remote attackers to bypass traditional security solutions and take full control over affected devices or “cause disruption on a scale similar to what resulted from the EternalBlue vulnerability,” without requiring any user interaction, researchers told The Hacker News.
Many of you may never have heard of this operating system, but Wind River VxWorks is used to run many everyday Internet of Things devices such as your webcam, network switches, routers, firewalls, VoIP phones, printers, and video-conferencing products, as well as traffic lights.
Besides this, VxWorks is also used by mission-critical systems including SCADA, trains, elevators and industrial controllers, patient monitors, MRI machines, satellite modems, in-flight Wi-Fi systems, and even the Mars rovers.