researchers in the field of computer security claim to have discovered 26 new vulnerabilities in a set of USB drivers operating systems Linux, macOS, Windows and Free BSD. A team of researchers from the USA and Switzerland found all the bugs with the help of self-created tool – USBFuzz.
it is reported by ZDNet. USBFuzz, like other similar solutions – passeri (fuzzers), works by sending in the application is incorrect, unexpected or random data.
After this, the researchers analyze how was the application as a result of this “bombardment”. Their goal is among detectable faults to detect those that can be used for cyber attacks. USBFuzz implemented in software, but “faking” in the system of the connected USB device and is specially designed to test USB drivers of modern operating systems.
the Creators USBFuzz tested it on 9 recent versions of the Linux kernel (v4.14.81, v4.15,v4.16, v4.17, v4.18.19, v4.19, v4.19.1, v4.19.2 and v4.20-rc2), 12 FreeBSD, MacOS 10.15 Catalina, and Windows versions 8 and 10 by adding previously the latest security updates.
the result was discovered one new bug in FreeBSD, macOS three (two reload, one causes the system to hang) and four Windows (lead to “blue screen of death”). But the most vulnerable (and most serious) found in the USB stack of Linux – only 18 pieces. They have informed the development team of the core operating system, 11 of them successfully patched, and 7 will get a patch in the near future.