Hello, welcome to the Wednesday, May 5th, 2021 edition of the Sansonet Stormontas Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

After Apple patching everything yet again yesterday, Google today followed with its regular patch Tuesday.

Nothing out of the ordinary here, nothing at least labeled as being already being exploited,

but there are a number of critical remote code execution vulnerabilities.

And then again, remember if you do see May 1st as your patch level, that means that you have the May

patches installed.

If it says May 5th, then you also have prior security updates, including the May 1 installed.

So that's really sort of what you're going for.

If you're using a Google Pixel phone, then you received additional patches for various

kernel and Qualcomm components.

Keeping your firmware up to date on various devices is tricky and Dell tries to help you out here by providing some firmware

update drivers with all Dell computers. Sadly, Sentinel Labs figured out that these drivers

suffer from a privilege escalation vulnerability, providing a user with full kernel level access.

What makes this such a big deal is that these drivers have shipped with this particular

vulnerability since 2009 on all Dell desktops, laptops, and tablets.

So pretty much anything Dell shipped that wasn't a server is affected by this vulnerability.

And I think the headline here from Sentinel Labs who found this particular vulnerability

stating that hundreds of millions of Dell computers are at risk is

probably not overstating the problem here. So if you have any system with a Dell label on it,

you better head over to the Dell website. They have a more detailed list of what's exactly

...