1. 11
  1. 2

    …Emphasis mine:

    […] an attacker can launch a direct attack with a specially crafted TCP packet […]

    […] even as a broadcast or multicast packet […]

    Since the Urgent Pointer field is a built-in feature of TCP, routers, NATs and even firewalls that stand between the target device and the attacker are likely to transfer it intact.

    Wow, taking devices over like it’s 1997…

    …Doesn’t VxWorks also run inside some of the black-box parts of some popular SoCs? The ‘basebands’, right? I don’t suppose many of those actually run the IP Stack though..?

    I’m pretty sure that VxWorks isn’t sold as an OS for devices.. it’s sold as an OS-platform on which manufacturers can build an OS for their device. Each of their individual devices… So, the most tragic line in this article is:

    VxWorks 7 released on July 19 contains fixes

    … Great, but did my manufacturer release new firmware yet? Wind River knows very well that they are going to have to release a lot of patch-level updates for older versions of VxWorks…