The security research unit for Microsoft's new Azure Defender for IoT product discovered a number of poor memory allocation operations in code used in Internet of Things (IoT) and operational technology (OT), like industrial control systems, that could fuel malicious code execution.
Dubbed BadAlloc, the exploits are associated with improperly validating input, which leads to heap overflows.
The team, called Section 52, said the use of these functions becomes problematic when passed external input that can trigger an integer overflow or wraparound as values to the functions.
Microsoft said it alerted the affected vendors (including Google Cloud, ARM, Amazon, Red Hat, Texas Instruments, and Samsung Tizen) and patched the vulnerabilities in cooperation with the U.S. Department of Homeland Security.
The team recommended the isolation of IoT devices and OT networks from corporate information technology networks using firewalls.
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA