The bugs let hackers crash IoT devices , leak Attack.Databreach their information , and completely take them over . Researchers have found Vulnerability-related.DiscoverVulnerability that a popular Internet of Things real-time operating system – FreeRTOS – is riddled with serious vulnerabilities . The bugs could allow hackers to crash connected devices in smart homes or critical infrastructure systems , leak Attack.Databreach information from the devices ’ memory , and take them over . And while patches have been issued Vulnerability-related.PatchVulnerability , researchers warn that it still may take time for smaller vendors to update Vulnerability-related.PatchVulnerability . Researcher Ori Karliner , with Zimperium ’ s zLabs team , recently analyzed some of the leading operating systems in the IoT market – including FreeRTOS , an open-source OS specifically designed for the microcontrollers that are within IoT devices . Within several versions of FreeRTOS , Karliner found Vulnerability-related.DiscoverVulnerability 13 vulnerabilities enabling an array of attacks , including remote code execution , information leak and denial-of-service bugs . “ During our research , we discovered Vulnerability-related.DiscoverVulnerability multiple vulnerabilities within FreeRTOS ’ s TCP/IP stack and in the AWS secure connectivity modules . The same vulnerabilities are present in Vulnerability-related.DiscoverVulnerability WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS , ” according to a Thursday post by zLabs . The vulnerabilities specifically exist in Vulnerability-related.DiscoverVulnerability FreeRTOS ’ s TCP/IP stack and in the AWS secure connectivity modules ( in as well as in the WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS ) . These vulnerabilities include four remote code execution bugs ( CVE-2018-16522 , CVE-2018-16525 , CVE-2018-16526 , and CVE-2018-16528 ) ; seven information leak vulnerabilities ( CVE-2018-16524 , CVE-2018-16527 , CVE-2018-16599 , CVE-2018-16600 , CVE-2018-16601 , CVE-2018-16602 , CVE-2018-16603 ) one denial of service flaw ( CVE-2018-16523 ) and a final ( CVE-2018-16598 ) that was unspecified . zLabs said Vulnerability-related.DiscoverVulnerability it has disclosed Vulnerability-related.DiscoverVulnerability the security issues to Amazon and collaborated with them to patch Vulnerability-related.PatchVulnerability the vulnerabilities . Those fixes were deployed Vulnerability-related.PatchVulnerability for AWS FreeRTOS versions 1.3.2 and onwards . The vulnerabilities in RTOS WHIS were also patched Vulnerability-related.PatchVulnerability . Amazon did not respond to a request for comment from Threatpost . Due to the amount of vendors impacted Vulnerability-related.DiscoverVulnerability by the bugs , the researchers said Vulnerability-related.DiscoverVulnerability that they would hold off on publishing Vulnerability-related.DiscoverVulnerability further details until all holes have been sealed Vulnerability-related.PatchVulnerability .