Many commercial computers are affected by a set of vulnerabilities in how startup logos are processed during boot.
Security researchers at Binarly have disclosed security vulnerabilities in system firmware used by computer manufacturers during the boot process.
The vulnerability impacts x86 and ARM-based devices.
The set of vulnerabilities is found in BIOS software created by different companies, including the three largest independent BIOS vendors: AMI, Insyde and Phoenix.
In simple terms, LogoFail exploits vulnerabilities in image parsers that affected devices use to display vendor logos during boot.
A hacker needs to replace the vendor image with a specially prepared one to exploit the vulnerability and execute arbitrary code on the machine.
The images are then parsed during boot and this initiates the attack on the device.
The attack allows attackers to bypass security features such as Secure Boot.
Binarly notes that this also affects hardware-based Verified Boot systems, including Intel Boot Guard, AMD Hardware-Validated Boot and ARM TrustZone-based Secure Boot.
In other words, attackers may exploit LogoFail to compromise the security of many computer systems.
Attackers need to gain administrative access on target devices to exploit the vulnerability.
Once access is gained, the attacker would replace the vendor's boot logo with a malicious logo, which the device would then load during boot.
An attacker would be able to disable UEFI security features such as Secure Boot, modify the boot order, and execute malicious software to infect operating systems.
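An added example, not from the article or from Binarly: the kind of header validation a logo parser should perform on an untrusted image before it reads any pixel data. The article does not name the image format or the bug class, so the BMP layout, the 4096-pixel cap and all function and type names here are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for a boot logo (illustrative value). */
#define LOGO_MAX_DIM 4096u

typedef struct { uint32_t width, height, bpp, pixel_offset, stride; } logo_info;
/* Little-endian reads, byte by byte, so alignment never matters. */
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
/* Returns 0 and fills *out when the header is consistent with the buffer
 * length, -1 otherwise. Pixel data is never read. */
int logo_bmp_validate(const uint8_t *buf, size_t len, logo_info *out)
{
    if (!buf || !out || len < 54) return -1;        /* 14 + 40 header bytes */
    if (buf[0] != 'B' || buf[1] != 'M') return -1;
    if (rd32(buf + 14) != 40) return -1;            /* BITMAPINFOHEADER only */

    uint32_t off = rd32(buf + 10), w = rd32(buf + 18), h = rd32(buf + 22);
    uint32_t bpp = rd16(buf + 28), comp = rd32(buf + 30);

    if (comp != 0) return -1;                       /* no RLE decoding paths */
    if (bpp != 24 && bpp != 32) return -1;          /* no palette handling */
    /* Negative (top-down) heights read as huge unsigned values and fail here. */
    if (w == 0 || h == 0 || w > LOGO_MAX_DIM || h > LOGO_MAX_DIM) return -1;

    /* The caps keep w * bpp small; the total is still computed in 64 bits. */
    uint32_t stride = ((w * bpp + 31u) / 32u) * 4u;
    uint64_t need = (uint64_t)stride * h;
    if (off < 54 || off > len) return -1;           /* offset inside the buffer */
    if (need > (uint64_t)(len - off)) return -1;    /* pixels must fit after it */

    *out = (logo_info){ w, h, bpp, off, stride };
    return 0;
}

int main(void)
{
    /* Constructed sample: 2x2, 24 bpp header that claims more rows than exist. */
    uint8_t img[54 + 16] = { 'B', 'M' };
    img[10] = 54; img[14] = 40; img[18] = 2; img[22] = 200; img[26] = 1; img[28] = 24;
    logo_info li;
    printf("oversized height: %d\n", logo_bmp_validate(img, sizeof img, &li));
    img[22] = 2;
    printf("consistent header: %d\n", logo_bmp_validate(img, sizeof img, &li));
    return 0;
}
```

A parser that only uses the returned `stride`, `height` and `pixel_offset` for its copy loop stays inside the buffer it was given, whatever the file header claims.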
Firmware updates are available or will be released for some of the affected devices.
Administrators may want to check whether firmware updates that address the vulnerabilities are available for the devices they manage.
Not all devices will receive firmware updates, however.
Devices that are no longer supported, in particular, may not receive them.
Users on devices without firmware updates need to be extra cautious and use protections to avoid the initial attack on the device.
Additional information about the vulnerability is found on the Binarly website and on the CERT database.
The LogoFail vulnerability affects Windows and Linux devices.
This Cyber News was published on www.ghacks.net. Publication date: Fri, 08 Dec 2023 06:43:05 +0000