A vulnerability has been discovered in Apple products, which could allow for privilege escalation. Successful exploitation of this vulnerability could allow for privilege escalation in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.
Add a launchd agent for macOS
Add a new security attribute for BIOS capsule updates to be enabled
Add functionality to fix specific host security attributes
Add global information from the context into the report data
Add support for coSWID payload sections
Add support for parsing the EDID
Allow adding only-quirk instance IDs from quirk files
Install a sysusers.d systemd file when using -Dsystemd_unit_user
This release fixes the following bugs:
Allow devices to require a connected display
Allow Wacom modules to specify a status polling interval
Do not show Intel CET unsupported as success
Do not show multiple Genesys GL32xx devices for the same physical device
Fix a fuzzing timeout in the HID descriptor parser
Recalculate the SUPPORTED flag after adopting a child device
Reduce the amount of memory used when chunking large firmware
Speed up logitech-bulkcontroller firmware updates
Stop reading ownership and TPM flashes left in Dell plugin
Try to use the LVFS when using report-history –force
Write the coSWID TAG_ID as a bytestring when possible
This release adds support for the following hardware:
AMD dGPUs, Navi3x and above
Foxconn SDX12, SDX55 and SDX6X devices
Google Rex Intel USB-4 retimers
MediaTek DP AUX Scalers
Quectel EM160 module
Star Labs StarBook Mk VIr2
VLI VL105-VL109
Wacom DTH134 and DTC121 Tablets
A joint advisory from the United States’s National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations.
Read more in my article on the Tripwire State of Security blog.
