
FreeRTOS Security Vulnerabilities

FreeRTOS, an open-source operating system that runs on the microprocessors and microcontrollers of many IoT hardware products, has been found to contain new vulnerabilities.

These vulnerabilities affect FreeRTOS through the TCP/IP stack.

Versions affected

Versions affected include FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components).

This is why it’s a disaster

Many IoT devices use FreeRTOS. These devices can be difficult to patch and are often very inexpensive. Many of them go years without an update.

FreeRTOS products include temperature monitors, fitness trackers and appliances. The vulnerabilities are in the TCP/IP stack, and these devices are able to connect to the internet.

We know these devices are connected, so we can conclude they can be patched.

But will they be?

Most likely not. These vulnerabilities have the potential to be exploited for many years.

Here is the full list of vulnerabilities that affect FreeRTOS, with their identifiers.

CVE-2018-16522 Remote Code Execution
CVE-2018-16525 Remote Code Execution
CVE-2018-16526 Remote Code Execution
CVE-2018-16528 Remote Code Execution
CVE-2018-16523 Denial Of Service
CVE-2018-16524 Information Leak
CVE-2018-16527 Information Leak
CVE-2018-16599 Information Leak
CVE-2018-16600 Information Leak
CVE-2018-16601 Information Leak
CVE-2018-16602 Information Leak
CVE-2018-16603 Information Leak
CVE-2018-16598 Other
Evangeline Christina is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Previously, he worked as a security news reporter in a reputed news agency.