From TFA: These vulnerabilities would have allowed an attacker who claimed the S3 bucket to offer malicious firmware updates to Linux desktops and servers running legacy versions of fwupd.<p>Some extra discussion can be found in a Twitter thread[0] from the person who discovered the issues.<p>[0] <a href="https://twitter.com/justinsteven/status/1270113960021209088" rel="nofollow">https://twitter.com/justinsteven/status/1270113960021209088</a>