Amazon patches IoT and critical infrastructure security flaws

Researchers at Zimperium identified the CVE vulnerabilities which included four remote code execution flaws, one denial of service flaw, and seven information leak vulnerabilities which respectively could allow attackers to crash a device, leak data from the device’s memory, and remotely execute code on it, according to an Oct. 18 blog post. AWS took stewardship for the FreeRTOS kernel and its components In November 2017 and aims to provide a fully enabled IoT platform for microcontrollers, by bundling the FreeRTOS kernel together with the FreeRTOS TCP/IP stack, modules for secure connectivity, over the air updates, code signing, AWS cloud support, and more.