Dell BIOS/UEFI Under Attack From New Vulnerabilities - Use FWUPD For The Latest Updates
Eclypsium has discovered multiple vulnerabilities around Dell's "BIOSConnect" feature within their BIOS/UEFI. These vulnerabilities could lead to a privileged network adversary impersonating Dell.com and gaining arbitrary code execution support at the BIOS/UEFI level. Some 128 different Dell models across their consumer and business devices are believed to be impacted.
This pre-boot remote execution code discovery can happen even on systems with Secure Boot enabled and other features.
More details on these nasty low-level vulnerabilities via Eclpysium.com.
Dell has been publishing updated BIOS/UEFI for not only their Windows customers but also posting the new firmware to LVFS so it can be deployed quickly on Linux. Those with Dell desktops and laptops should run sudo fwupdmgr update as soon as possible.