Two critical vulnerabilities have been discovered in mission-critical systems used in 500 million devices, including VoIP phones, telecom equipment, military routing devices, automobile controls and spacecraft. Last week at the Security B-Sides and DEFCON conferences in Las Vegas, HD Moore, chief security officer at Rapid7 and founder and chief architect of Metasploit, disclosed two critical vulnerabilities in VxWorks, which is used to power Apple Airport Extreme access points, Mars rovers and C-130 Hercules aircrafts, in addition to microwaves, switches, sensors, telecom equipment and industrial control monitors. VxWorks has a service enabled by default that provides read or write access to a device's memory and allows functions to be called, Moore told SCMagazineUS.com. The vulnerable service, called WDB agent, is a “debugger” for the VxWorks operating system that is used to diagnose problems and ensure code is working properly when a product is being developed.

**Hidden Content: Check the thread to see hidden data.**