Researchers have detected 13 vulnerabilities in the Amazon FreeRTOS operating system, some of which are classified as critical, allowing attackers to take complete control of the system. Amazon FreeRTOS is a system that performs real-time actions, considered safe, used in several IoT devices, including in the aerospace and medical sectors.
Vulnerabilities affect FreeRTOS versions up to 10.0.1 (with FreeRTOS + TCP), AWR versions FreeRTOS up to 1.3.1 and WHIS OpenRTOS and SafeRTOS (with TCP / IP middleware WHIS Connect components). They enable remote code execution, allowing full control of the devices, also making it possible for attackers to crash target devices, leaking memory data
The researchers notified Amazon about the vulnerabilities, which released fix patches for versions 1.3.2 and later of FreeRTOS
Article originally published in the Tempest Soundbites app, available to Tempest customers on Android and iOS versions. To get a credential, talk to your relationship manager.