Researchers at cyber-security firm, Embedi, have discovered multiple serious vulnerabilities with the firmware of the ThreadX real-time operating system (RTOS) that’s believed to be one of the most popular software in Wi-Fi chips, with over 6.2 billion deployments.
According to Embedi researcher, Denis Selianin, the security flaw “provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network)”.
One of the wireless adapters that uses ThreadX is the Marvell Avastar 88W8897, which is embedded in a number of popular gadgets, including the Xbox One, PS4, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones and more.
There’s no immediate fix from the client side for either flaw, but both can apparently be fixed by software updates.