BlackBerry admitted that security vulnerabilities in the QNX operating system

QNX is a UNIX-like operating system, which was acquired by BlackBerry many years ago and used in various industrial facilities. Some factories and medical equipment use this system.

Unfortunately, there are still many companies and organizations using this old operating system, so security vulnerabilities will still have serious security impacts.

This week, BlackBerry disclosed the BadAlloc security vulnerability in the QNX operating system. Those with bad intentions can use this vulnerability to disable the device to cause potential security threats.

CVE-2020-5902

And this operating system is used on industrial equipment, medical equipment, railway equipment, automobiles, and even the International Space Station in the United States, all of which are affected by this vulnerability.

Considering that this operating system is used on so many important devices, it takes several months for BlackBerry to confirm the vulnerability and disclose the details of the vulnerability, which is disturbing.

Initially, Microsoft discovered the vulnerability in April, and then Microsoft notified the vulnerability to BlackBerry and the Cybersecurity and Infrastructure Security Agency of the US Department of Homeland Security.

It was in May that the US Department of Homeland Security assisted Microsoft in publicly disclosing this security vulnerability, and only now, BlackBerry publicly acknowledged the vulnerability and denied the security threat.

People familiar with the insider said that BlackBerry has long been notified by Microsoft, but BlackBerry does not believe that this vulnerability will affect its products, and BlackBerry cannot count its user base.

For this reason, BlackBerry refused to disclose the vulnerability publicly. Until recently, after repeated discussions with the US Department of Homeland Security, hackers finally decided to publicly disclose the existence of the vulnerability.

BlackBerry said that customers using this system should upgrade to the latest version of QNX as soon as possible because BlackBerry has released a fix to solve this vulnerability in the latest version.

Via: TechSpot