#UEFISecurity

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

by

June 20, 2024 at 05:10PM A critical vulnerability, CVE-2024-0762 “UEFIcanhazbufferoverflow,” affecting Intel processors has been detailed by Eclypsium researchers. The flaw in UEFI firmware may allow attackers to gain unauthorized access and execute malicious code. The widespread impact on various PC models running SecureCore firmware adds complexity to patching efforts, leaving organizations vulnerable until fixes … Read more

Critical ‘LogoFAIL’ Bugs Offer Secure Boot Bypass for Millions of PCs

by

December 1, 2023 at 04:01PM “LogoFAIL” exposes critical vulnerabilities in the PC’s UEFI ecosystem, impacting most devices worldwide, including those from top manufacturers. The flaw affects image-parsing during boot-up, enabling attackers to bypass security like Secure Boot. Binarly Research found that compromised images in the boot process could allow persistent malicious control. Vendor patches are … Read more

LogoFAIL attack can install UEFI bootkits through bootup logos

by

December 1, 2023 at 12:19PM Security researchers uncovered LogoFAIL vulnerabilities in UEFI firmware’s image parsers that can be exploited to deliver bootkits and bypass security during boot, affecting a wide range of devices across x86 and ARM architectures. Many consumer and enterprise devices from major manufacturers and UEFI vendors could be vulnerable, threatening boot process … Read more

LogoFAIL bugs in UEFI code allow planting bootkits via images

by

December 1, 2023 at 11:26AM LogoFAIL vulnerabilities, found within UEFI code’s image-parsing components, could let attackers hijack the boot process and deliver bootkits on various devices using ESP image file injection. Hundreds of devices across major vendors and architectures are at risk, with the full impact yet to be determined. Meeting Takeaways: 1. LogoFAIL refers … Read more