Zero Day Initiative - Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System
Briefly

from Zero Day Initiative3 months ago
"Multiple vulnerabilities have been discovered in the Mazda Connect CMU system, exposing vehicles to arbitrary code execution through specially crafted USB devices by physically present attackers."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
"These vulnerabilities stem from insufficient sanitization of input when handling attacker-supplied input, making the system susceptible to exploitation when users connect USB devices."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
"Research indicated that the vulnerabilities were present in various software versions of the CMU, with the latest being 74.00.324A and earlier versions down to at least 70.x impacted."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
"While there's a vibrant 'modding scene' around the CMU, exploiting these vulnerabilities could allow unauthorized modifications with potentially harmful consequences, sparking concerns regarding vehicle cybersecurity."
Zero Day Initiativehttps://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Read at Zero Day Initiative
#cybersecurity #automotive #mazda-connect #software-vulnerabilities #arbitrary-code-execution
[
|
]