In May 2019, Phoenix was contacted by researchers from Eclypsium about a security concern regarding our WinFlash and WinFlash32 drivers. Upon investigation, we found that some of the interfaces could be used in unintended ways, as described in the Eclypsium report. Phoenix began reworking the drivers to remove those interfaces.
In late June 2019, Phoenix made available to its customers the updated drivers signed with new certificates. In addition, we advised customers that prior certificates for these drivers would be revoked in early August.
The researchers at Eclypsium publicly disclosed their findings at DEF CON 27.
Phoenix would like to thank Mickey Shkatov and Jesse Michael from Eclypsium for reporting this issue and working with us on a coordinated disclosure.