BlackBerry discloses a critical flaw in QNX OS, impacting 200M+ cars, hospital equipment, more; sources say it resisted public disclosure until talks with CISA
A flaw in software made by BlackBerry has left two hundred million cars, along with critical hospital and factory equipment …
Politico
Related Coverage
- QNX-2021-001 Vulnerability in the C Runtime Library Impacts BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety BlackBerry
- Alert (AA21-229A) — BadAlloc Vulnerability Affecting BlackBerry QNX RTOS — Summary us-cert.cisa.gov
- View article Forbes
- View article Threatpost
- View article The Hacker News
- View article IT PRO
- View article iPhone in Canada Blog
- View article TechRadar
- BlackBerry QNX flaw left cars and medical devices vulnerable to attack Engadget · Mariella Moon
- BlackBerry software flaw could impact cars, medical devices - U.S. agencies Reuters · Manojna Maddipatla
- BlackBerry QNX Cybersecurity Vulnerabilities May Affect Drug Manufacturing Equipment US Food and Drug …
- Blackberry Admits Cars, Medical Devices at Risk of Being Hacked PCMag · Matthew Humphries
- BadAlloc Flaw Impacts Many Systems Running BlackBerry's QNX Embedded OS SecurityWeek · Ionut Arghire
- CISA: BadAlloc vulnerability can lead to remote code execution in BlackBerry products Neowin · Usama Jawad
- CISA Urges Organizations to Patch Critical BlackBerry QNX Bug infosecurity-magazine.com · Phil Muncaster
- Major flaw in BlackBerry software may affect car safety, hospitals CyberNews · Vilius Petkauskas
- CISA releases alert on BadAlloc vulnerability in BlackBerry products ZDNet · Jonathan Greig
- BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings CyberScoop · Sean Lyngaas
- ‘BadAlloc’ Vuln Affects Devices Using Older BlackBerry QNX Products Dark Reading
Discussion
- Eric Geller (@ericgeller) on X: After admitting that older (but still widely used) QNX versions were vulnerable, BlackBerry initially told CISA that it wanted to privately notify customers. But because of how QNX is sold and packaged into products, BlackBerry doesn't know everyone who uses it. https://twitter.c…
- CyberSec Chey (@chey_cobb) on X: Blackberry has been ducking reports that their QNX OS is vulnerable. It still powers cars, factories, medical devices, railroad equipment, US govt equipment, and certain parts of the Space Station. https://twitter.com/...
- @hrbrmstr on X: Ooof. QNX is...everywhere. Yet another situation where SBOM would be a big help. https://us-cert.cisa.gov/...
- Ics-Cert (@icscert) on X: 🚨 BlackBerry disclosed its QNX #RTOS is affected by a #BadAlloc vulnerability—CVE-2021-22156. Many BlackBerry QNX products are affected CVE-2021-22156. Follow @CISAgov's guidance: https://us-cert.gov/.... #VulnerabilityManagement https://twitter.com/...
- Tim McNamara (@timclicks) on X: Remember kids - companies that write systems software in safe languages don't expose hundreds of millions of users to security exploits. https://twitter.com/...
- @0xbanana on X: C and C++ aren't going away anytime soon but you can mitigate classes of vulnerabilities using a language like Rust. Let's start writing safer code everyone! #infosec #100DaysOfCode https://twitter.com/...
- Eric Geller (@ericgeller) on X: Remember the BadAlloc vulnerabilities in real-time operating systems and other software, disclosed in April? BlackBerry just announced that its QNX RTOS — used everywhere from cars and hospitals to the ISS — is vulnerable. https://support.blackberry.com/ ... https://us-cert.cisa.…
- Jay Healey (@jason_healey) on X: Awesome that @CISAgov had the oomph to push BlackBerry to take responsibility. Before CISA, especially when NSC lacked cyber coordinator under Trump, there might not have been a civilian cyber official to drive this result! https://twitter.com/...
- Ics-Cert (@icscert) on X: ❗️ @CISAgov strongly encourages #criticalinfrastructure, #ICS owners and operators, and any other organization developing, maintaining, supporting, or using affected QNX-based systems to patch ASAP: https://us-cert.gov/.... #Cybersecurity #IoT #Software #OT