Month: February 2024

Enlarge

Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove.

The vulnerability resides in shim, which in the context of Linux is a small component that runs in the firmware early in the boot process before the operating system has started. More specifically, the shim accompanying virtually all Linux distributions plays a crucial role in secure boot, a protection built into most modern computing devices to ensure every link in the boot process comes from a verified, trusted supplier. Successful exploitation of the vulnerability allows attackers to neutralize this mechanism by executing malicious firmware at the earliest stages of the boot process before the Unified Extensible Firmware Interface firmware has loaded and handed off control to the operating system.

The vulnerability, tracked as CVE-2023-40547, is what’s known as a buffer overflow, a coding bug that allows attackers to execute code of their choice. It resides in a part of the shim that processes booting up from a central server on a network using the same HTTP that the Internet is based on. Attackers can exploit the code-execution vulnerability in various scenarios, virtually all following some form of successful compromise of either the targeted device or the server or network the device boots from.

Enlarge / Mifepristone (Mifeprex) and Misoprostol, the two drugs used in a medication abortion, are seen at the Women's Reproductive Clinic, which provides legal medication abortion services, in Santa Teresa, New Mexico, on June 17, 2022. (credit: Getty | Robyn Beck)

Scientific journal publisher Sage has retracted key abortion studies cited by anti-abortion groups in a legal case aiming to revoke regulatory approval of the abortion and miscarriage medication, mifepristone—a case that has reached the US Supreme Court, with a hearing scheduled for March 26.

On Monday, Sage announced the retraction of three studies, all published in the journal Health Services Research and Managerial Epidemiology. All three were led by James Studnicki, who works for The Charlotte Lozier Institute, a research arm of Susan B. Anthony Pro-Life America. The publisher said the retractions were based on various problems related to the studies' methods, analyses, and presentation, as well as undisclosed conflicts of interest.

Two of the studies were cited by anti-abortion groups in their lawsuit against the Food and Drug Administration (Alliance for Hippocratic Medicine v. FDA), which claimed the regulator's approval and regulation of mifepristone was unlawful. The two studies were also cited by District Judge Matthew Kacsmaryk in Texas, who issued a preliminary injunction last April to revoke the FDA's 2000 approval of mifepristone. A conservative panel of judges for the 5th Circuit Court of Appeals in New Orleans partially reversed that ruling months later, but the Supreme Court froze the lower court's order until the appeals process had concluded.