August 17, 2021
by Michael Mezher

FDA warns BlackBerry vulnerability may hit drug manufacturing, medical devices

A vulnerability known as “BadAlloc” in a widely used BlackBerry operating system may pose risks for pharmaceutical manufacturing equipment and certain medical devices, the US Food and Drug Administration said on Tuesday.
 
FDA’s announcement was made alongside disclosures about the vulnerability from the US Cybersecurity and Infrastructure Security Agency (CISA) and BlackBerry detailing the vulnerability and providing information on mitigations to patch the problematic code.
 
The BadAlloc vulnerability was previously disclosed by CISA after being identified by researchers at Microsoft last April and affects software in numerous real-time operating systems (RTOS), including versions of Amazon’s FreeRTOS, Apache NuttX OS and ARM’s Mbed OS.
 
In its statement, BlackBerry said that an integer overflow vulnerability affecting several older versions of its QNX operating system, which is widely used in manufacturing and medical equipment, “could potentially allow a successful attacker to perform a denial of service or execute arbitrary code.” The company said it is not aware of any real-world exploitations of the vulnerability.
 
FDA said that organizations impacted by the vulnerability should notify the agency of any products, equipment or systems that use the vulnerable RTOS and inform it of any potential impacts.
 
“FDA is not aware of any confirmed adverse events related to these vulnerabilities,” it said. “Manufacturers are assessing which equipment or systems may be affected by the BlackBerry QNX cybersecurity vulnerability, evaluating the risk, and developing mitigations, including deploying patches from BlackBerry.”
 
According to BlackBerry, the vulnerability has a Common Vulnerability Scoring System (CVSS V3) rating of 9.0 out of 10, which falls in the critical range. The vulnerability is both remotely exploitable and of low attack complexity, CISA said.
 
FDA, CISA Alert, BlackBerry