The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are urging organizations that develop software to eradicate buffer overflow vulnerabilities by implementing secure-by-design principles, The Register reports.

Such "unforgivable" memory safety issues have been observed in Microsoft, Ivanti, and VMware vCenter instances, and could be avoided by adopting memory-safe, up-to-date programming languages, including Go, Rust, and Swift, according to the joint FBI and CISA advisory. The advisory noted that Chinese cyberattacks are exploiting such a vulnerability in the Linux kernel, tracked as CVE-2022-0185.

Software development firms were advised not only to adopt compiler flags and unit tests with AddressSanitizer and MemorySanitizer, but also to implement static analysis, manual code review, fuzzing, and analysis of previously discovered software issues.

"CISA and FBI maintain that the use of unsafe software development practices that allow the persistence of buffer overflow vulnerabilities — especially the use of memory-unsafe programming languages — poses unacceptable risk to our national and economic security," said the agencies.
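To make the advisory's point concrete, here is an added example (not code from the advisory, The Register, or any of the vendors named above) of the kind of defect it describes: a fixed-size stack buffer filled by an unchecked copy, placed beside a bounds-checked replacement. The buffer size, function names, and sample inputs are all constructed for illustration. Compiling the file with `-fsanitize=address` makes AddressSanitizer report the stack-buffer-overflow in the unsafe version at runtime, which is exactly the unit-test-plus-sanitizer check the agencies recommend.

```c
// Added example: unsafe vs. bounds-checked copy into a fixed-size buffer.
// Build and run the overflow demo under AddressSanitizer with:
//   gcc -g -fsanitize=address -fno-omit-frame-pointer -DDEMO_OVERFLOW overflow.c && ./a.out
// ASan then prints a "stack-buffer-overflow" report for copy_name_unsafe.
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Unsafe: strcpy writes strlen(src)+1 bytes no matter how large dst is.
 * Any src of NAME_LEN or more characters overruns the 16-byte buffer. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);
}

/* Hardened: the caller passes the real capacity, the function refuses input
 * that does not fit (including the NUL terminator), and dst always ends up a
 * valid C string so callers cannot read uninitialised or unterminated data. */
bool copy_name_checked(char *dst, size_t dst_len, const char *src) {
    if (dst_len == 0) {
        return false;           /* nowhere to put even an empty string */
    }
    size_t n = strlen(src);
    if (n >= dst_len) {
        dst[0] = '\0';          /* reject, but leave a well-formed empty string */
        return false;
    }
    memcpy(dst, src, n + 1);    /* n + 1 bytes includes the terminator; fits by the check */
    return true;
}

int main(void) {
    char buf[NAME_LEN];

    /* Constructed inputs: one that fits, one that is exactly one byte too long. */
    const char *ok_input  = "alice";
    const char *bad_input = "0123456789abcdef";   /* 16 chars + NUL = 17 bytes */

    printf("checked copy of \"%s\": %s\n", ok_input,
           copy_name_checked(buf, sizeof buf, ok_input) ? "accepted" : "rejected");
    printf("checked copy of \"%s\": %s\n", bad_input,
           copy_name_checked(buf, sizeof buf, bad_input) ? "accepted" : "rejected");

#ifdef DEMO_OVERFLOW
    /* Only compiled when explicitly requested: this is the defect ASan catches. */
    copy_name_unsafe(buf, bad_input);
    printf("unsafe copy returned (ASan should have reported an overflow above)\n");
#endif
    return 0;
}
```

The hardened version illustrates the two habits the advisory's recommendations are meant to enforce: every copy into a fixed-size buffer carries the destination's capacity, and the failure path is explicit rather than a silent overrun. Running the `DEMO_OVERFLOW` build under ASan in CI turns the unsafe variant into a failing test instead of a latent vulnerability.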