BlackBerry’s QNX RTOS (real-time operating system), which is used in certain medical devices and drug manufacturing equipment, has been affected by BadAlloc, a collection of vulnerabilities that could allow a remote attacker to exploit and deny certain device functions. Yesterday the FDA issued an alert to patients, healthcare providers and manufacturers about the cybersecurity vulnerability. “The FDA is not aware of any confirmed adverse events related to these vulnerabilities,” the agency stated. “Manufacturers are assessing which devices may be affected by the BlackBerry QNX cybersecurity vulnerabilities and are evaluating the risk and developing mitigations, including deploying patches from BlackBerry.”
The Cybersecurity & Infrastructure Security Agency (CISA) also published an alert about the BadAlloc vulnerability and thus far is unaware of any exploitation of the vulnerability. “CISA strongly encourages critical infrastructure organizations and other organizations developing, maintaining, supporting, or using affected QNX-based systems to patch affected products as quickly as possible,” the agency stated in the alert.
For products that are affected by the vulnerability, manufacturers should contact BlackBerry to get the patch.