Identity governance administration (IGA) started life as a tool for organizations to meet a sudden surge of legal and regulatory requirements, but﻿ it has grown into a key enabler of security.

Omdia recently published a Market Radar on identity governance administration (IGA), in which we compared a number of the leading vendors in this sector. Let's look at some of the key takeaways from this report.

**IGA Is Modernizing to Adapt to Today's Environment**

IGA started life in the early 2000s as a tool for organizations to meet a sudden surge of legal and regulatory requirements. In other words, its initial purpose was compliance. However, as with another technology that came into existence for that purpose — security information and event management (SIEM) — it has grown into a key enabler of security as well. That's particularly notable now that the COVID-19 pandemic has turbocharged the digital transformation programs that were already underway, in a more cautious fashion, at most organizations.

**Atomization of the Workforce**

There are two dimensions to the problems that IGA seeks to address in the current environment. First, there is the "atomization of the workforce," a way of describing workers dispersing to home offices and remote sites, collaborating with contractors, suppliers, and partners as much as with colleagues and fellow employees. This is a process that was already underway long before the pandemic, but which was given new impetus by COVID. It is driven by business process outsourcing (BPO), the increasing ease of mobile computing, and, more broadly, by the changing work-life balance priorities of new generations entering work. In this context, COVID-19 merely accelerated the process, driving millions of knowledge workers around the world to work from home on a full-time basis. While some of them are returning to the office now, that return is frequently only partial, and flexible work is very much the spirit of the age.

In this environment, there is a shift in priorities to:

*   The ability to bring new employees into the workforce quickly, i.e. rapid onboarding.
*   The provision of the appropriate hardware, software, and, critically, services that they require to do their jobs.
*   The ability to keep up with the changes in their working practices as they move through the organization.

**Cloudification**

The second dimension is the cloudification of application infrastructures. Enterprise applications were already moving to the cloud long before the pandemic, to be delivered as a service. However, the impact of the pandemic was, again, to turbocharge that process. Applications used by employees and partners now needed to be in the cloud for ease of remote access, while apps for the consumer also rushed to the cloud, as online channels became the sole points of interaction with customers for many businesses. While IGA is not primarily designed to address the B2C identity requirement, it does deliver life-cycle management and entitlement control for the identities of developers, whose role became more critical as the pandemic accelerated digital transformation projects.

This backdrop explains the importance that Omdia attributes to the cloud, not only as a locus from which to deliver IGA, but also as the place where an increasing number of corporate assets now reside, which puts a new level of requirement of entitlements management.

**Where Is the IGA Market Heading?**

IGA has needed to evolve and modernize in recent years, and the pandemic has accelerated this process. Traditional IGA products/solutions were built to address user provisioning through the complex integration and systematic application of heavily engineered, role-based access control (RBAC) structures. Having cloud-based IGA products that offer APIs can be readily consumed and make connectivity easier to integrate.

IGA vendors need to adapt and evolve their products and services to better fit the current business environment. This involves the cloudification of their IGA products and launching new features such as APIs into their portfolios. IGA technology needs to move into the cloud, an inflection point that should bring with it opportunities for service providers. While large enterprises have traditionally onboarded and managed their employee identities themselves, that activity may have become cumbersome if they grow through M&A, while the B2B aspect can be even more challenging to a global multinational corporation. Service providers that can handle identity federation should scope out business opportunities in this context. Having a cloud-based approach will be critical in enabling IGA to work seamlessly with other services and simplifying the evolution to a future-proof IT security infrastructure.

Key Takeaways From Omdia's IGA Market Radar

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome.
"Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks."

The feature was first

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome.

"Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks."

The feature was first announced in May 2022 as part of a broader push to support a common passwordless sign-in standard.

Passkeys, established by the FIDO Alliance and also backed by Apple and Microsoft, aim to replace standard passwords with unique digital keys that are stored locally on the device.

To that end, creating a passkey requires confirmation from the end-user about the account that will be used to log in to the online service, followed by using their biometric information or the device passcode.

Signing in to a website on a mobile device is also a simple two-step process that entails selecting the account and presenting their fingerprint, face, or screen lock when prompted.

The most compelling advantage to Passkeys is that they are also browser and operating system-agnostic, meaning an Android user can log in to a passkey-enabled website using Safari on iOS or macOS, or the Chrome browser on Windows.

Google also noted that the generated passkeys are securely stored and synced to the cloud via its Password Manager to prevent lockouts, adding developers can integrate passkey support on their sites using the WebAuthn API.

The internet giant further said that it aims to release an API for native Android apps in 2022 that will give users a standardized way to select either a passkey or a saved password.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Protecting against data breaches requires detailed analysis of recent attacks for remediation and prevention.

Data continues to drive enterprise business needs and processes, spurring the need for a rapidly growing number of data stores in which to house it all. Data's inherent value and impact on business operations have made it a prime target for cybercriminals. This has led to a sharp rise in data breaches that have disrupted business continuity and compromised the security and compliance posture of enterprises globally. In these breaches, attackers are commonly exploiting blind spots and misconfigurations.

Protecting against data breaches requires detailed and close analysis of recent attacks for remediation steps and preventative measures. Issues common to recent cloud data breaches include:

**1\. Data Leakage Through Compliance Boundaries**

A hard lesson from the past decade is that there's no going back once data goes outside of the organizational control plane and often to public repositories. For this reason, security owners are responsible for keeping tabs on any possibility of exposure, assessing fallout when exposure occurs, and acting accordingly.

Data leakage is more common than one would think and is not limited to enterprises with smaller security budgets. For example, Nestle's sensitive data was briefly exposed to the world from its internal network before surfacing a few months later in an alleged cyberattack by Anonymous.

**2\. Publicly Exposed Buckets**

Data is an asset and should be protected as such, whether it be a backup, audit record, or arbitrary file. Access should be based on the principle of least privilege, and any deviation should be identified, monitored, and alerted upon.

This was not the case for some organizations using public cloud data stores such as Amazon S3 buckets and Microsoft Azure Blobs. Four airports in Colombia and Peru, for example, had an S3 bucket — containing 3TB of data on employees — that was publicly accessible and did not require authentication.  

Meanwhile, Turkish airline company Pegasus had an S3 Bucket without password protection, exposing roughly 6.5TB of data that included personally identifiable crew information, flight charts, and secrets from the airline's EFB (Electronic Flight Bag) system.

Doctors Me, an online Japanese medical consultation site, experienced something similar. The service stored patient images, uploaded by customers, in an S3 bucket without proper access authorization and authentication controls, exposing the sensitive data of nearly 12,000 people.

**3\. Database Misconfigurations**

In their most basic function, databases are protected internal components that hold various records or documents. They are typically encapsulated behind an application or a service that facilitates access to data according to predetermined business logic. As such, databases have the potential to enforce strict access controls and to limit network access, ensuring that only service accounts or authorized personnel can directly reach them.

Databases exposed to the Internet, especially with weak authentication, are low-hanging fruit for bad actors who are constantly scanning for exposed services. This was the case for a popular Iranian chat application called Raychat, where a simple bot detected a misconfigured instance of the service's MongoDB database. All the attackers had to do was clone the database's content, wipe the database, and leave behind a note asking for a hefty ransom.

**4\. Missing Encryption**

Encryption is one of the top three industry best practices for data protection, but it cannot be considered a full security suite, as data protection is built in layers. When one layer is breached, it's up to the next to hold the line. We see this reflected in risk assessments and audit submissions, where each component, especially missing fundamental layer like encryption, changes the risk score of many other components that make up the entire environment. With common issues like false reporting and missing encryption, how can security owners reliably qualify and test the entirety of their known and unknown environment with assumptions and semi-reliable information?

The Department of Education in New York City struggled with this question when an online grading and attendance system was breached. Roughly 820,000 biographic records of current and former public-school students were stored without proper encryption, allowing the adversary to easily compromise and extract those.

**How Can Organizations Avoid These Mistakes?**

1\. Take ownership of your data: 

*   Identify sensitive and "need to be protected" assets with periodic scans of your environment to discover any unknowns and surprises, such as new data stores and network policies. 
*   Classify and evaluate any solution within your stack that you own or consume. 

2\. Improve your data security posture: 

*   Assess data stores against industry best practice and compliance standards. 
*   Incorporate data security into your organizational DNA by creating dedicated owners, allocating resources for long-term projects, and establishing incident handling procedures. 

3\. Control your data: 

*   Scope and periodically approve the target audience ensuring that only they can access it via both network policies and RBAC. 
*   Implement a "second set of eyes" methodology when it comes to data replication, export, creation, or deletion. 

4\. Observe and triage anomalous activities: 

*   Monitor activities against sensitive data and configuration changes around classified data stores. 
*   Create an alerting and triage mechanism for abnormal business scenarios.

Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics?

InterVision releases a new website focused on the customer experience, making B2B cybersecurity purchasing decisions easier.

**SAN JOSE, Calif. and ST. LOUIS, Oct. 12, 2022 /PRNewswire/** — InterVision, a leading information technology (IT) strategic service provider, announced today a corporate rebrand along with key findings from its Pulse study. Study results revealed that nearly half of all business leaders identify ransomware as the top threat to business operations. These announcements highlight the importance of doubling down on strategic cybersecurity measures.

The study ("Solving for Ransomware Threats: Insights Into Current Leadership Actions") shares insights from 100 IT leaders on ransomware's impact on business security. Surveyed IT leaders reported ransomware as one of the biggest threats to tech-related business in North America, with 45% citing ransomware as their top concern overall. The study also found that most organizations focus on ransomware attack recovery (46%) as opposed to prevention (21%). As a result, many IT systems cannot detect threats before they become critical to the organization. But when presented with the idea of Ransomware Protection as a Service (RPaaS), 90% of respondents were interested in the comprehensive strategy.

"With so many high-profile ransomware attacks over the past couple of years, organizations are starting to understand the urgency of implementing a ransomware protection strategy," said Allen Jenkins, CISO and VP of Cybersecurity Consulting at InterVision. "Respondents overwhelmingly identified the need to improve IT processes and technology. Creating the right bundle with Ransomware Protection as a Service (RPaaS) ensures multiple layers of protection and is a powerful step in the process of ransomware prevention."

InterVision's rebrand puts customer experience at the center of its website, making B2B cybersecurity purchasing decisions easier.

"Commitment to the customer experience has always set InterVision apart. Our suite of business continuity and disaster recovery services is best-in-class, and we prioritize customer service through 24/7 response offerings. Now, with an updated website, the customer experience is front and center from the beginning to the end of their engagement with InterVision," said Kathleen Amro, Vice President of Marketing at InterVision.

InterVision's refreshed website and brand also reflects the quality of the company's offerings — including RPaaS, which 90% of Pulse survey respondents reported interest in.

"With organizations facing the challenge of an ever-evolving threat landscape and global security talent shortage, InterVision's RPaaS will not only provide their customers with world-class protection but also the peace of mind that comes along with it," said Will Briggs, senior vice president of global channels, Arctic Wolf. "InterVision and Arctic Wolf both share a commitment to delivering positive security outcomes, and we are proud of how our security operations solutions play a key role in protecting and delighting our shared customers."

To view the full study, visit https://intervision.com/blog-solving-for-ransomware-threats/. For more information about InterVision offerings or to navigate the refreshed website, visit https://intervision.com/.

**About InterVision Systems  
**InterVision is the leading strategic services provider, delivering and supporting complex IT solutions for mid-to-enterprise and public sector organizations throughout the US. With more than 25 years of experience, coupled with one of the most comprehensive product portfolios of managed IT service offerings available, the company is uniquely positioned to guide clients through any stage of their technology journeys. InterVision drives business outcomes with an unparalleled focus on the customer experience to help organizations be more competitive, compliant, and secure. The company has headquarters in San Jose, CA, St. Louis, MO, and Richmond, Va. To learn more, visit www.intervision.com.

**SOURCE:** InterVision

InterVision Announces Study Identifying Ransomware as No. 1 Threat to Business Longevity

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

CVE-2022-41209

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

CVE-2021-36915: Profile Builder – User Profile & User Registration Forms

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

CVE-2021-36899: Asset CleanUp: Page Speed Booster

Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

Intel has confirmed the leak of the Unified Extensible Firmware Interface (UEFI) BIOS of Alder Lake, the company's code name for its latest processor — the 12th generation Intel Core processor — which debuted in late 2021. 

According to reports, the Intel UEFI code was first leaked late last week on 4chan, and later GitHub, and it contained 5.97GB of data. It was dated 9-30-22, likely when it was exfiltrated, analysts reported. "In addition, one thing should be noted that the key pairs required by Boot Guard during provisioning stage is also included in the leaked content," researchers from Hardened Vault who analyzed the leaked data explained. 

Researcher Mark Ermolov noted the same thing on Twitter on Oct. 8, adding, "... the Intel Boot Guard on the vendor's platforms can no longer be trusted." 

The researchers at Hardened Vault pointed out the code could be particularly useful for malicious actors who want to reverse engineer the code to find vulnerabilities. 

In a statement provided to Security Week, Intel acknowledged the breach, attributing it to a third-party and downplaying its potential security risk. "Intel does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure," Intel said in a statement. "We are reaching out to customers, partners and the security research community to keep them informed of this situation." 

The Hardened Vault team said it hasn't been able to trace the data back to the leaker but suggested that the developer of the firmware solution, Insyde, might have more information to share. "But it is still impossible to confirm the person who leaked it," the team wrote. "The leak is part of Insyde solution which integrate Intel’s resources. Perhaps Insyde knows more than we do."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Intel Processor UEFI Source Code Leaked

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE‑2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE‑2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

See NVD (https://nvd.nist.gov/) for individual scores for each CVE.

  See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**Affected Version**

**Updated Version**

**BIOS Release Date (MM-DD-YYYY)**

Precision 5820 Tower

Versions before 2.21.0

2.21.0

09-14-2022

Precision 7820 Tower

Versions before 2.25.0

2.25.0

09-14-2022

Precision 7920 Tower

Versions before 2.25.0

2.25.0

09-14-2022

See NVD (https://nvd.nist.gov/) for individual scores for each CVE.

  See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**Affected Version**

**Updated Version**

**BIOS Release Date (MM-DD-YYYY)**

Precision 5820 Tower

Versions before 2.21.0

2.21.0

09-14-2022

Precision 7820 Tower

Versions before 2.25.0

2.25.0

09-14-2022

Precision 7920 Tower

Versions before 2.25.0

2.25.0

09-14-2022

**Kiitokset**

Dell Technologies would like to thank yngweijw for reporting CVE‑2022-32486 and CVE-2022-32492.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-22

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Precision 5820 Tower, Precision 7820 Tower, Precision 7920 Tower, Product Security Information

22 syysk. 2022

CVE-2022-32492: DSA-2022-169: Dell Client Precision 5820, 7820, and 7920 Tower BIOS Security Update

Red Hat Security Advisory 2022-6878-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: expat security update  
Advisory ID:       RHSA-2022:6878-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6878  
Issue date:        2022-10-11  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
expat-2.2.5-8.el8_6.3.src.rpm

aarch64:  
expat-2.2.5-8.el8_6.3.aarch64.rpm  
expat-debuginfo-2.2.5-8.el8_6.3.aarch64.rpm  
expat-debugsource-2.2.5-8.el8_6.3.aarch64.rpm  
expat-devel-2.2.5-8.el8_6.3.aarch64.rpm

ppc64le:  
expat-2.2.5-8.el8_6.3.ppc64le.rpm  
expat-debuginfo-2.2.5-8.el8_6.3.ppc64le.rpm  
expat-debugsource-2.2.5-8.el8_6.3.ppc64le.rpm  
expat-devel-2.2.5-8.el8_6.3.ppc64le.rpm

s390x:  
expat-2.2.5-8.el8_6.3.s390x.rpm  
expat-debuginfo-2.2.5-8.el8_6.3.s390x.rpm  
expat-debugsource-2.2.5-8.el8_6.3.s390x.rpm  
expat-devel-2.2.5-8.el8_6.3.s390x.rpm

x86_64:  
expat-2.2.5-8.el8_6.3.i686.rpm  
expat-2.2.5-8.el8_6.3.x86_64.rpm  
expat-debuginfo-2.2.5-8.el8_6.3.i686.rpm  
expat-debuginfo-2.2.5-8.el8_6.3.x86_64.rpm  
expat-debugsource-2.2.5-8.el8_6.3.i686.rpm  
expat-debugsource-2.2.5-8.el8_6.3.x86_64.rpm  
expat-devel-2.2.5-8.el8_6.3.i686.rpm  
expat-devel-2.2.5-8.el8_6.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY0WEINzjgjWX9erEAQg3HA/6AhnZ2/65V5s4y1qvZO51FTbTaudkGPRh  
1YQRPaa7QAfIW+T3gC+a4y0fH2QmowpxqRYnpGKb0MFKx+vCJWVn2GqxjA4wTmOF  
lf9x8MPHthgO/DlSO8yv9Qu10tVFgzY6tXGZ6eEJp9+93DPR3WWq62PDHOepHFEf  
36Uj0+IM4aJwBUpQKd0bqZavuqboAOXHYUJAp+k/OzRA0mr4ODYuUEx/1P18q0BG  
lR5NEUKad2F0KNmzEPUhAlSYTeNDwruYiQpE7I/r+EPcwnih6XKSUHvCcBanb83L  
n2yUlKPo1XG+vjD9YW2pWtEr0Ndx8KjiD642MalrFxxEu0y12kAX/fr21+nks88M  
gE2+Knwt8xY657B2cmRpE4ZbFKoQ/hABgWBvsXJ92XibbKcqcr12Sp83gp2Ukml4  
KWlfVYrW1+l/8IV0kFZtHINUHjpT4CpSysmLvPsdj7MiFRVqOjAGw5Ksq56AtC0g  
wH2gyrNEaunYvibml9OfzgeWUHZkVCu+sRaTFdl5HtLrD/rAXpGabrhJ2EnGapK4  
aCJf7fdUnVGc7VOqXtrT3/FIRMFY7HRr903EfjqATH7vjuZkWwKrZmj+kO8lEnYm  
ZyZtuTPyNbzkIosBhAoUOnUohF9nLQtybTJLthWFdDUjwqJW7SpriLQBDrWbFtY3  
q4cR2Key/C4=LoGO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#ios