MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
logofail
Search

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (ars technica)

Thursday December 7, 2023. 04:10 PM , from LWN.net
This
ars technica article describes how secure-boot firmware on a huge range
of systems can be subverted with a malicious image file:

As its name suggests, LogoFAIL involves logos, specifically those
of the hardware seller that are displayed on the device screen
early in the boot process, while the UEFI is still running. Image
parsers in UEFIs from all three major IBVs [independent BIOS
vendors] are riddled with roughly a dozen critical vulnerabilities
that have gone unnoticed until now. By replacing the legitimate
logo images with identical-looking ones that have been specially
crafted to exploit these bugs, LogoFAIL makes it possible to
execute malicious code at the most sensitive stage of the boot
process.
Read more at LWN.net
https://lwn.net/Articles/953985/

Related News

logofail Doom is 30, and so is Windows NT. How far we haven't come TheRegisterDec 19
ars Windows 11’s new Backup app: Everything you need to know PC WorldDec 19
device Internet's deep-level architects slam US, UK, Europe for pushing device-side scanning TheRegisterDec 19
firmware This Microsoft Office Pro and Windows 11 bundle makes a great last-minute gift and it's only $49.97 BoingBoingDec 18
technica Microsoft puts the 'why?' in Wi-Fi with latest Windows patch TheRegisterDec 18
malicious Windows 11 users can now create their own custom voice commands BetaNewsDec 18
image Distribution Release: Manjaro Linux 23.1.0 DistroWatchDec 16
just Manjaro Linux 23.1.0 'Vulcan' now available to download -- choose from GNOME, Plasma, and XFCE editions BetaNewsDec 15
boot Kraft Heinz suggests we simmer down about Snatch ransomware attack claims TheRegisterDec 15
are Open to attack: The risks of open-source software attacks BetaNewsDec 15
process Best Windows apps this week BetaNewsDec 15
linux Privacy-focused Proton launches macOS and Windows Proton Mail desktop app in beta BetaNewsDec 15
about Google Releases On-Device Diagnostics Tool, Repair Manuals For Pixel Phones SlashdotDec 15
attack Supply Chain Attack Targeting Ledger Crypto Wallet Leaves Users Hacked SlashdotDec 14
windows Linux Kernel of the Beast 6.6.6 exorcised by angelic 6.6.7 update TheRegisterDec 14
logofail Microsoft embraces its inner penguin with Linux-powered Windows AI Studio TheRegisterDec 14
ars Vivaldi 6.5 adds new Sessions Panel, adds full browsing history to device sync BetaNewsDec 14
device UK government woefully unprepared for 'catastrophic' ransomware attack TheRegisterDec 14
firmware Experimental Windows 11 build gains a protected print mode BetaNewsDec 13
technica Windows 11 Build 23606 rolls out -- the last Dev Channel release of the year BetaNewsDec 13
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Apr, Sun 28 - 12:11 CEST