July 25, 2024 at 05:45PM UEFI products from 10 vendors are vulnerable to compromise due to a critical firmware supply-chain issue called PKfail, allowing attackers to bypass Secure Boot and install malware. The affected devices use a test Secure Boot master key from American Megatrends International, which often remains untrusted by OEMs. Vendors are advised … Read more
December 1, 2023 at 12:19PM Security researchers uncovered LogoFAIL vulnerabilities in UEFI firmware’s image parsers that can be exploited to deliver bootkits and bypass security during boot, affecting a wide range of devices across x86 and ARM architectures. Many consumer and enterprise devices from major manufacturers and UEFI vendors could be vulnerable, threatening boot process … Read more
December 1, 2023 at 11:26AM LogoFAIL vulnerabilities, found within UEFI code’s image-parsing components, could let attackers hijack the boot process and deliver bootkits on various devices using ESP image file injection. Hundreds of devices across major vendors and architectures are at risk, with the full impact yet to be determined. Meeting Takeaways: 1. LogoFAIL refers … Read more