13 points by achristmascarl 21 days ago | 1 comments
Patient Monitor Contec CMS8000 Contains a Backdoor(cisa.gov) This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed.
Microsoft patches Windows to eliminate Secure Boot bypass threat(arstechnica.com) For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally patched the vulnerability. The status of Linux systems is still unclear.
Autocorrect in Your Keyboard Firmware (2021)(getreuer.info) Autocorrect is now a core QMK feature! It was released on 2022-11-26. Update your QMK set up and see QMK Autocorrect. Or if you want, you may continue to use the userspace implementation described in this page.
Intel ME Cleaner(github.com/corna) me_cleaner is a Python script able to modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system.
A brief history of Mac firmware(eclecticlight.co) Firmware, software that’s intimately involved with hardware at a low level, has changed radically with each of the different processor architectures used in Macs.
5 points by todsacerdoti 159 days ago | 0 comments
AMD Plans for Open-Source Firmware OpenSIL replacing AGESA blobs for Zen 6(phoronix.com) Last year to much excitement in our community was the new AMD project announcement of openSIL as an open-source CPU silicon initialization project that is an advancement for open-source firmware and to eventually replace AMD's AGESA across both client and server processors.