A Timesys Deep Dive Embedded Systems Newsletter

January 2023

"It is possible to initiate the attack remotely:" Critical CVE found in LibTIFF

According to the CVE Program, a new vulnerability in LibTIFF classified as critical can be exploited remotely. 

“This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be.

It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.”

Need more info on these vulnerabilities?

 

We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Vigiles Updates

Vigiles supports industry-standard formats for SBOMs, making it easier to ingest and export essential data

In the newest Vigiles update released at the end of December, Timesys implemented some exciting new features such as the ability to download and import SBOMs in industry-standard formats like SPDX, SPDX-lite, and CycloneDX!

Why is this so important? With the variety of SBOM types required for each stage of a product’s lifecycle and the various tools needed to process them, the need for standardized SBOM formats and definitions has never been clearer. To this end, CISA recently worked with the embedded cybersecurity community to define and classify six primary types of SBOMs and their compositions. For more information on the different types of SBOMs, check out our most recent blog below!

Holiday Recap

Missed the Timesys Advent Calendar?

In honor of the holidays, Timesys hosted an Advent Calendar throughout December featuring security tips, tools, and tricks to help you get more secure in the New Year.

Missed the webinar series on designing OTA updates for secure embedded Linux systems or the Timesys eBook on cybersecurity? You can catch up on each of the holiday gifts at the Timesys Advent Calendar page below!

In addition, there’s still time to take advantage of the Timesys Lunch & Learn opportunity! If you’re not sure where to start when it comes to securing your products, embedded Linux devices, or customizing Yocto, or you’re looking to refresh your company on best security practices, a Lunch & Learn is a great and simple way to start! To get started with setting up a customized Lunch & Learn session for you and/or your company, click the link below:

Learn with Timesys

How to Actually Understand and Use the 6 Different Types of CISA SBOMs

 

What is an SBOM, why is it important, what’s in it, and how is CISA helping to standardize SBOMs?

In our newest blog, learn how an SBOM is like a list of ingredients in a cake recipe or the materials and food needed for a barbeque, the essential information that SBOMs can provide, and what the six different types of SBOMs classified by CISA are.

Events Around the World You Don't Want to Miss

Upcoming

4th Annual Medical Device & Diagnostic Cybersecurity Conference

Sheraton Brussels Airport Hotel, Belgium

March 1 – 2

For the fourth year in a row, this dual-track conference features exclusive, dedicated interactive sessions that will provide new insights and the latest developments in medical device software, safety, and security. Join Timesys for an exciting roundtable discussion on how to rethink and overcome cybersecurity challenges!

Vulnerability Management for Embedded

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

February 16 @ 12 PM EDT / 9 AM PT

In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:

– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bill of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!
