The Hacker News

Seven Unpatched Flaws Found in Widely Used FatFs Filesystem Library

Security firm runZero disclosed seven vulnerabilities in the FatFs filesystem library on February 21, 2024. FatFs is a widely adopted software component that enables devices to read and write data using the FAT and exFAT file formats, commonly found on USB drives and SD cards.

The discovered vulnerabilities, which remain unpatched, pose a significant risk due to FatFs' pervasive use across a vast array of embedded devices. These include consumer electronics such as security cameras and drones, as well as critical infrastructure components like industrial controllers and hardware cryptocurrency wallets. The library's integration into the firmware of these devices means that a compromise could affect millions of units globally.

runZero's analysis identified several critical flaws within FatFs, including buffer overflows and other memory corruption issues. Exploiting these vulnerabilities could allow attackers to execute arbitrary code on affected devices, potentially leading to denial-of-service conditions, data theft, or even full system compromise. The nature of embedded systems, which often lack robust security patching mechanisms, exacerbates the risk associated with these unaddressed flaws.

The firm has provided detailed technical information about the vulnerabilities to the affected vendors and the broader security community, urging them to implement necessary patches. The widespread deployment of FatFs underscores the challenges in securing the vast ecosystem of embedded devices, where a single vulnerable component can create a broad attack surface. runZero's disclosure highlights the ongoing need for diligent security auditing and timely remediation of software libraries used in IoT and industrial control systems.
