The USA’s CISA and Blackberry simultaneously announced the vulnerability of Blackberry’s QNX division’s Real Time Operating System (RTOS) products to CVE-2021-22156, the so called “Bad Alloc” vulnerability in RTOS products that was recently disclosed. The vulnerability allows for an overflow attack in services that utilize the calloc() function, which would allow for denial of service or remote code execution (RCE). QNX was a major acquisition by the iconic handheld device company Blackberry and specializes in providing RTOS to a wide range of embedded devices and applications. Any RTOS that has not yet been updated to the latest version and patched is vulnerable. These include over 195 million vehicle systems as well as a wide range of medical devices, industrial control systems (ICS), and other embedded devices.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
