St. Jude Medical has patched a vulnerability in another Merlin@home Transmitter medical device vulnerable to a man-in-the-middle attack. The vulnerability allows a skilled remote attacker to access or influence communications between Merlin.net and transmitter endpoints The medical device maker issued a software update that mitigates the vulnerability. The update expands the number of devices impacted by a high-severity vulnerability identified in a Jan. 9 advisory affecting RF models of the same medical device.
Source: https://threatpost.com/st-jude-patches-additional-cardiac-device/123596/