October 6, 2025
Daily News
CISA, FBI release secure by design alert on vulnerabilities in operating systems
In the latest entry of CISA's secure by design alert series, CISA and the FBI are providing guidance on a common type of vulnerability that can allow malicious actors to manipulate operating systems in unintended ways, and are highlighting mitigations that software producers can implement.
“Operating system (OS) command injection vulnerabilities are a preventable class of vulnerability in software products. Software manufacturers can eliminate them at the source by taking a secure by design approach. Despite this fact, OS command injection vulnerabilities...