www.neowin.net Open in urlscan Pro
5.10.17.162  Public Scan

URL: https://www.neowin.net/news/cisa-badalloc-vulnerability-can-lead-to-remote-code-execution-in-blackberry-products/?utm_s...
Submission: On August 23 via api from US

Form analysis 3 forms found in the DOM

GET /search

<form class="search-wrapper" id="search" method="get" action="/search">
  <input class="search-input" type="search" name="terms" placeholder="Search News...">
</form>

Name: revue-formPOST https://www.getrevue.co/profile/neowin/add_subscriber

<form action="https://www.getrevue.co/profile/neowin/add_subscriber" id="revue-form" method="post" name="revue-form" target="_blank">
  <input class="revue-form-field" id="member_email" name="member[email]" style="height:34px;" placeholder="Your email address..." type="email"> <input id="member_submit" name="member[subscribe]" type="submit" class="button"
    style="position:absolute; margin-left:5px;" value="Subscribe">
</form>

POST /forum/login/

<form accept-charset="utf-8" action="/forum/login/" method="post" data-ipsvalidation="" novalidate="">
  <div class="modal" id="site-signin">
    <div class="modal-window">
      <div class="modal-header">
        <h3 class="modal-title">Login</h3>
        <span class="modal-close">Close</span>
      </div>
      <div class="modal-content">
        <div class="signin-form">
          <input type="hidden" name="csrfKey" value="154db093a657e5c1fca5ca0ea00aa28a">
          <input type="hidden" name="ref"
            value="aHR0cHM6Ly93d3cubmVvd2luLm5ldC9uZXdzL2Npc2EtYmFkYWxsb2MtdnVsbmVyYWJpbGl0eS1jYW4tbGVhZC10by1yZW1vdGUtY29kZS1leGVjdXRpb24taW4tYmxhY2tiZXJyeS1wcm9kdWN0cy8/dXRtX3NvdXJjZT1mZWVkYnVybmVyXHUwMDI2dXRtX21lZGl1bT1mZWVkXHUwMDI2dXRtX2NhbXBhaWduPUZlZWQlM0ErbmVvd2luLW1haW4rJTI4TmVvd2luK05ld3MlMjk=">
          <input type="hidden" name="referer" value="/news/cisa-badalloc-vulnerability-can-lead-to-remote-code-execution-in-blackberry-products/?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+neowin-main+%28Neowin+News%29">
          <input type="hidden" name="login__standard_submitted" value="1">
          <div class="signin-input form">
            <div class="field required">
              <label class="label" for="auth">Username or email:</label>
              <input type="text" class="input" id="auth" name="auth" value="">
            </div>
            <div class="field required">
              <label class="label" for="password">Password</label>
              <input type="password" class="input" id="password" name="password" value="">
            </div>
            <div class="field options">
              <label class="label" for="remember_me_checkbox" title="This is not recommended for shared computers">
                <input type="hidden" name="remember_me" value="0">
                <input type="checkbox" id="remember_me_checkbox" checked="checked" name="remember_me_checkbox" value="1" class="checkbox" tabindex="0"> Remember me </label>
            </div>
          </div>
        </div>
      </div>
      <div class="modal-actions">
        <button type="submit" id="elSignIn_submit" name="_processLogin" value="usernamepassword" class="button button-primary button-block">Sign In</button>
        <button type="submit" name="_processLogin" value="4" class="social-login-button facebook"> Sign in with Facebook </button>
        <button type="submit" name="_processLogin" value="18" class="social-login-button twitter"> Sign in with Twitter </button>
        <button type="submit" name="_processLogin" value="6" class="social-login-button google"> Sign in with Google </button>
        <button type="submit" name="_processLogin" value="16" class="social-login-button liveid"> Sign in with Microsoft </button>
      </div>
    </div>
  </div>
</form>

Text Content

Neowin
Login
Login Sign up

Facebook

Twitter

 * News
   
 * Features
   * Reviews
   * Guides
   * Unboxings
   * Trending
   * Editorials
   
 * Forums
 * Store
   
 * More
     
   * Subscribe
   * Store
   * Chat on IRC
   * Send News Tip
   * Write for Neowin
   * About Us
   * Advertising

 * Latest
 * Software
 * Microsoft
 * Gaming
 * Guides
 * Closer Look
 * Windows 11
 * Write for Neowin




CISA: BADALLOC VULNERABILITY CAN LEAD TO REMOTE CODE EXECUTION IN BLACKBERRY
PRODUCTS

Usama Jawad Neowin @@UsamaJawad96 · Aug 18, 2021 05:02 EDT with 1 comment

Back in April, Microsoft highlighted a collection of vulnerabilities called
"BadAlloc" affecting Internet of Things (IoT) and Operational Technology (OT)
devices. It stated that the memory vulnerabilities could be used to trigger
remote code execution (RCE) across millions of devices in multiple sectors
including healthcare, industrial, automotive, and enterprise. BlackBerry
disclosed yesterday that many of its products are affected by a BadAlloc
vulnerability and the Department of Homeland Security's (DHS) Cybersecurity and
Infrastructure Agency (CISA) has now issued an advisory on the matter too.



The CVE-2021-22156 BadAlloc vulnerability affects hardware running BlackBerry's
QNX Real Time Operating System (RTOS). You can find the complete list of
products affected by this vulnerability on CISA's advisory here, but it is
important to know that it impacts medical devices, automotive platforms, and the
Neutrino QNX Secure Kernel, among many others.

In a nutshell, the current vulnerability could allow a malicious actor with
network access to attack an affected device that is exposed to the internet. A
sophisticated attacker could gain control over the calloc() function to trigger
an integer overflow, giving them access to other memory locations through which
they could initiate RCE or denial-of-service conditions.

Given the criticality of the BlackBerry products affected by this issue, CISA
has outlined mitigations that should immediately be applied by manufacturers and
end users. The former are required to get in touch with BlackBerry on an urgent
basis to obtain patches whereas the latter are requested to contact
manufacturers for the provisioning of patches, which should be applied
immediately when available. If the patch is not available yet, mitigations
provided by the manufacturers should be implemented. CISA has also cautioned
that in some cases, affected hardware may need to be disconnected from service
and taken to an off-site location for "physical replacement of integrated
memory". It is unknown if this vulnerability is being exploited currently.

TAGS

 * Microsoft
 * Blackberry
 * Cisa
 * Us-cert
 * Security
 * Cybersecurity
 * Badalloc
 * Patch
 * Remote code execution
 * Rce
 * Memory
 * Denial of service
 * Vulnerability

Like
Tweet
Share
Report a problem with article

Next Article


GOOGLE IS KILLING OFF ANDROID AUTO FOR PHONE SCREENS ON ANDROID 12

Previous Article


T-MOBILE CONFIRMS DATA OF ALMOST 50 MILLION ACCOUNTS STOLEN IN THE RECENT HACK



From the WebPowered by ZergNet
This Is When You Can Get Your Tesla Cybertuck
Games That Look Absolutely Amazing On A 21:9 Display
Movies Minus Special Effects Are A Recipe For Hilarity
Video Games You Should Never Play in Front of Your Kids
The Shady Side Of Amouranth Revealed
These Mods Are Essential For Playing RE: Village On PC
Is Diablo 2 Making A Mistake With Their Pre-Orders?
GTA V Is About To Disappear

From the WebPowered by ZergNet
One Of Last-Gen's Best Games Just Got A Big Boost On Series X
Xbox Cloud Gaming Just Became A Lot Easier To Use
These Epic RPGs Are Somehow Even Better On Series X
Your Nintendo Switch Library Isn't Complete Without These JRPGs

Send news tip


GET OUR NEWSLETTER




COMMUNITY ACTIVITY

Refresh
 * PayPal brings its cryptocurrency services to the United Kingdom in Front Page
   News
 * Apple may release a redesigned Mac mini with a faster 'M1X' processor soon in
   Front Page News
 * Psychonauts 2 on Xbox Series X review: A triumphant return for the franchise
   in Front Page News
 * EMDB 4.10 in Front Page News
 * [Official] Xbox Series X & Series S Discussion in Xbox
 * Geek Uninstaller 1.4.8.145 in Front Page News
 * What was the last movie you watched? (2021 edition) in The Media Room
 * Vodafone partners with Udemy to help small businesses with training in Front
   Page News


ADVERTISEMENT




TRENDING STORIES


APPLE MAY RELEASE A REDESIGNED MAC MINI WITH A FASTER 'M1X' PROCESSOR SOON

12 hours ago with 8 comments


CLOSER LOOK: WIDGETS IN WINDOWS 11

21 hours ago with 37 comments


MICROSOFT WEEKLY: MORE WINDOWS 11 CHANGES, HIGHER-RES DASHBOARD, AND SECURITY
FLAWS

Aug 22, 2021 with 0 comments


ALDER LAKE-S CORE I9-12900K LEAK SUGGESTS PERFORMANCE MIGHT BE UNDERWHELMING

Aug 22, 2021 with 19 comments


ADVERTISEMENT




RELATED STORIES


RAZER IS FIXING A BUG WHICH GIVES ADMIN RIGHTS ON WINDOWS USING JUST A RAZER
MOUSE

4 hours ago


HERE ARE MICROSOFT'S RECOMMENDATIONS FOR MANAGING SECURITY ON WINDOWS 365 CLOUD
PCS

Aug 20, 2021


GOOGLE PROJECT ZERO REVEALS ANOTHER WINDOWS ELEVATION OF PRIVILEGE VULNERABILITY
[UPDATE]

Aug 19, 2021 · Hot!


MICROSOFT IS DRIVING ZERO TRUST ADOPTION UNDER RECENT PRESIDENTIAL EXECUTIVE
ORDER

Aug 17, 2021

Show Comments


1 COMMENTS - ADD COMMENT

Sort by oldest first (thread view) Sort by newest first (thread view) Sort by
oldest first (linear view) Sort by newest first (linear view)



ADVERTISEMENT




REPORT COMMENT

Close

Please enter your reason for reporting this comment.





BBCODE HELPER

Close

The following codes can be used in comments.

 * [b]bold[/b]
 * [i]italics[/i]
 * [u]underline[/u]
 * [s]strikethrough[/s]
 * [url]link[/url]
 * [img]imageurl[/img]
 * [quote]text[/quote]


DEALS

100% OFF

Buy Now
$559.00 $1.00
Pay What You Want: Absolute Python Bundle
16% OFF

Buy Now
$19.00 $15.99
Airflow Video Streaming: Lifetime Subscription
100% OFF

Buy Now
$1601.00 $1.00
Pay What You Want: Hardcore Game Dev Bundle
94% OFF

Buy Now
$999.00 $59.99
Nichesss AI Copywriter: Lifetime Subscription
95% OFF

Buy Now
$4499.00 $239.99
Whizlabs Online Certifications: Lifetime Membership
shopping guide


CHECK OUT OUR BACK TO SCHOOL SHOPPING GUIDE TO GET AHEAD THIS YEAR

back to school

review


SEE. HEAR. TELL. A WEEK WITH MICROSOFT'S NEW MODERN REMOTE WORK ACCESSORIES

microsoft


HUMANKIND ON GAME PASS, PATCH TUESDAY, AND NEW WINDOWS 11 BUILDS

microsoft weekly

hands-on


CLOSER LOOK: SEARCH IN WINDOWS 11

windows 11

GUIDE


NOT SATISFIED WITH WINDOWS 11 BUGS? HERE'S HOW TO ROLL BACK TO WINDOWS 10

windows 11


BUILD 22000.160 OUT FOR BETA AND DEV INSIDERS WITH NEW CLOCK APP AND MORE

windows 11


MICROSOFT RELEASES THE FIRST-EVER WINDOWS 11 ISO IMAGES

windows 11

#27


NEW SHEPARD SET FOR FIRST LAUNCH SINCE JEFF BEZOS' CREWED MISSION

twirl




COMPANY

 * Contact Us
 * About Us
 * Write for Neowin
 * Advertising


COMMUNITY

 * Forums
 * Subscribe
 * Chat on IRC
 * Neowin Deals


SOCIAL

 * Facebook
 * Twitter
 * YouTube


PARTNERS

 * Star Control
 * Fences
 * Brad Wardell
 * Store

 * DMCA Policy
 * Terms of Use
 * Privacy Statement

© Since 2000 Neowin LLC. All trademarks mentioned are the property of their
respective owners.

Top of Page


LOGIN

Close
Username or email:
Password
Remember me
Sign In Sign in with Facebook Sign in with Twitter Sign in with Google Sign in
with Microsoft

Loading