Risky Bulletin Newsletter
July 03, 2026
Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
Presented by
News Editor
The developers of a lot of industrial gear and smart devices will have their work cut out for them over the coming months and years to deploy protections against a set of newly discovered and unpatched bugs in the FatFs filesystem driver.
The seven bugs, discovered by security firm runZero, can allow an attacker to use a crafted filesystem image to cause a memory corruption that runs malicious code to jailbreak a targeted device.
Devices that use FatFs for their filesystem are all impacted.