LogoFAIL bugs in UEFI code allow planting bootkits via images

Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.

Because the issues are in the image-parsing libraries that vendors use to show logos during the boot routine, they have a broad impact and extend to both x86 and ARM architectures. According to researchers at firmware supply chain security platform Binarly, the branding has introduced unnecessary security risks, making it possible to execute malicious payloads by injecting image files into the EFI System Partition.

Abusing image parsers for attacks on the Unified Extensible Firmware Interface was demonstrated in 2009, when researchers Rafal Wojtczuk and Alexander Tereshkin showed how a BMP image parser bug could be exploited to infect the BIOS for malware persistence.

Discovering the LogoFAIL vulnerabilities started as a small research project on the attack surface of image-parsing components, in the context of custom or outdated parsing code in UEFI firmware. The researchers found that an attacker could store a malicious image or logo on the EFI System Partition or in unsigned sections of a firmware update.

"When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms" - Binarly.

Planting malware this way ensures persistence on the system that is virtually undetectable, as illustrated by past attacks leveraging infected UEFI components [1, 2]. LogoFAIL does not affect runtime integrity because there is no need to modify the bootloader or the firmware, a method seen with the BootHole vulnerability or the BlackLotus bootkit.
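As an added illustration (not Binarly's code, nor any vendor's parser), the C function below shows the bounds and overflow checks a boot-logo BMP parser should perform on header fields before it dereferences pixel data read from the ESP; `build_bmp` is a constructed helper for exercising those checks and does not reproduce any specific LogoFAIL defect.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result of validating a BMP header against the buffer it was read from. */
enum bmp_status { BMP_OK, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_BAD_GEOMETRY,
                  BMP_OVERFLOW, BMP_OUT_OF_BOUNDS };
typedef struct { uint32_t width, height, bpp, stride, pixel_off, image_size; } bmp_info;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Check BITMAPFILEHEADER + BITMAPINFOHEADER before any pixel data is dereferenced. */
enum bmp_status bmp_validate(const uint8_t *buf, size_t len, bmp_info *out) {
    if (len < 54) return BMP_TRUNCATED;                 /* 14-byte file header + 40-byte info header */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    uint32_t pixel_off = rd32(buf + 10);
    int32_t w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint32_t bpp = (uint32_t)buf[28] | (uint32_t)buf[29] << 8;
    if (w <= 0 || h == 0 || h == INT32_MIN) return BMP_BAD_GEOMETRY;
    uint32_t rows = (uint32_t)(h < 0 ? -h : h);         /* negative height means a top-down image */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_GEOMETRY;
    /* Stride is w*bpp bits rounded up to 4 bytes. Compute in 64 bits so an attacker-chosen
       width cannot wrap the size to something smaller than the data that will be copied. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    uint64_t image  = stride * rows;
    if (stride > UINT32_MAX || image > UINT32_MAX) return BMP_OVERFLOW;
    /* Pixel data must lie entirely inside the bytes actually read from the file. */
    if (pixel_off < 54 || pixel_off > len || image > len - pixel_off) return BMP_OUT_OF_BOUNDS;
    if (out) { out->width = (uint32_t)w; out->height = rows; out->bpp = bpp; out->stride = (uint32_t)stride;
               out->pixel_off = pixel_off; out->image_size = (uint32_t)image; }
    return BMP_OK;
}

/* Constructed test helper: write a header with the given fields, pixel bytes left zeroed. */
size_t build_bmp(uint8_t *buf, size_t cap, int32_t w, int32_t h, uint16_t bpp,
                 uint32_t pixel_off, size_t total) {
    if (total < 54 || total > cap) return 0;
    memset(buf, 0, total);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)total); wr32(buf + 10, pixel_off); wr32(buf + 14, 40);
    wr32(buf + 18, (uint32_t)w); wr32(buf + 22, (uint32_t)h);
    buf[26] = 1; buf[28] = (uint8_t)bpp; buf[29] = (uint8_t)(bpp >> 8);
    return total;
}
```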
In a video that Binarly shared privately with BleepingComputer, running the proof-of-concept script and rebooting the device resulted in the creation of an arbitrary file on the system.

The researchers highlight that, because LogoFAIL is not silicon-specific, the vulnerabilities impact vendors and chips from multiple makers. The issues are present in products from many major device manufacturers that use UEFI firmware in consumer and enterprise-grade devices. Binarly has already determined that hundreds of devices from Intel, Acer, Lenovo, and other vendors are potentially vulnerable, and so are the three major independent providers of custom UEFI firmware code: AMI, Insyde, and Phoenix.

It is also worth noting that the exact scope of LogoFAIL's impact is still being determined. "While we are still in the process of understanding the actual extent of LogoFAIL, we already found that hundreds of consumer- and enterprise-grade devices are possibly vulnerable to this novel attack," the researchers say.

The full technical details for LogoFAIL are to be presented on December 6 at the Black Hat Europe security conference in London. According to the summary of the LogoFAIL presentation, the researchers disclosed their findings to multiple device vendors and to the three major UEFI providers.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 01 Dec 2023 16:25:07 +0000

