Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
Security researchers with Armis have uncovered 11 critical zero-day flaws in VxWorks, a real-time operating system (RTOS) used in 2 billion Internet-of-things (IoT) devices. The flaws don’t impact all VxWorks versions, but are estimated to affect about 200 million devices.
6 of the vulnerabilities allow for remote code execution (RCE), while the other 5 are related to denial of service, information leaks, or logical flaws. Affected devices can include firewalls, routers, medical devices, printers, process controllers and more. A patch is available, but because many organizations don’t know what operating systems are running on their IoT devices, it seems likely that many devices will remain vulnerable.