A Patch is Availale to Fix Vulnerabilities Found in WindRiver VxWorks

A Patch is Availale to Fix Vulnerabilities Found in WindRiver VxWorks

MarsRover.jpg

WindRiver VxWorks is an operating systems that powers millions of devices in the IoT. From medical equipment to automobiles, consumer electronics to space satellites, and even Mars rovers – Wind River VxWorks powers all of it.

Researchers at Armis recently discovered that there are 11 vulnerabilities within the operating system that can be exposed within the firewall. SonicWall systems, the firewall appliances that runs through a lot of devices with the Wind River VxWorks operating system, takes advantage of a third party TCP/IP code in order to manage the systems remotely. Through this third party system is where the vulnerabilities were discovered. 

For anybody with a device that uses these operating systems, this does not mean that you are at complete risk. Once these vulnerabilities were discovered SonicWall quickly went to work on making a patch and strongly advises all customers install the patched version of SonicOS for free which helps prevent these 11 vulnerabilities (URGENT/11) from being exploited.

At the time URGENT/11 came to light, there was no evidence that any of the vulnerabilities were being exploited by hackers. 

This is an instance where an operating system’s vulnerabilities were discovered by security practitioners rather than a person or machine that can pose a major threat, which is much safer for the general public because the problem can be solved before it is exploited. When SonicWall discovered the vulnerability, a patch was created to stop threats.

It is important to continuously keep up to date with the latest security patches as an unpatched device remains vulnerable. In the ever expanding IoT, all kinds of devices, including consumer grade technology, software updates and patches are continuously being released. Disregarding these patches leaves you at risk.

Story via Sonciwall

Third Party Compromise Leads to Quest Diagnostics Data Breach

Third Party Compromise Leads to Quest Diagnostics Data Breach

Capital One Falls Victim to One of the Largest Data Breaches Ever

Capital One Falls Victim to One of the Largest Data Breaches Ever