Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions


A supply chain risk has been highlighted by the discovery of out-of-date versions of the OpenSSL cryptographic library in firmware images spanning devices manufactured by Dell, HP, and Lenovo. InfineonTpmUpdateDxe, one of the firmware modules, additionally utilised OpenSSL version 0.9.8zb, which was released on August 4, 2014.

EFI Development Kit, also referred to as EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which serves as an interface between the operating system and the firmware that is built into the hardware of the device.

Read More…