#UEFIvulnerability

PKfail Secure Boot bypass lets attackers install UEFI malware

by

July 25, 2024 at 05:45PM UEFI products from 10 vendors are vulnerable to compromise due to a critical firmware supply-chain issue called PKfail, allowing attackers to bypass Secure Boot and install malware. The affected devices use a test Secure Boot master key from American Megatrends International, which often remains untrusted by OEMs. Vendors are advised … Read more

Phoenix UEFI flaw puts long list of Intel chips in hot seat

by

June 21, 2024 at 12:30PM A new UEFI firmware vulnerability (CVE-2024-0762, CVSSv3: 7.5) disclosed by Eclypsium affects Phoenix Technologies’ UEFI firmware, potentially impacting various Intel chip families back to Kaby Lake. Exploiting a Trusted Platform Module (TPM) configuration flaw, it poses a threat despite having a TPM in the device. Mitigations and patches have been … Read more