New Security Flaw in UEFI Affects Millions of PCs

It’s important to stay on top of security updates in this ever-changing online world. New vulnerabilities in our hardware and software turn up every day, after all, and hackers and cybercriminals waste no time taking advantage of them. Now, a dangerous vulnerability has been discovered that affects countless computers through UEFI.

A new vulnerability dubbed LogoFAIL has been uncovered and documented by researchers. It’s an issue in the Unified Extensible Firmware Interface (UEFI), the piece of software that’s responsible for booting most Windows and Linux computers, and what people usually mean by “BIOS” on modern devices. The attack, presented at the Black Hat Security Conference in London, allows for the execution of malicious firmware early in the boot-up sequence.

The attack comprises two dozen vulnerabilities in image parsers within UEFIs, thus affecting nearly all x64 and ARM CPU ecosystems. Worryingly, these vulnerabilities have gone unnoticed for years, if not decades; their discovery is the result of extensive research by Binarly, a security firm specializing in identifying and securing vulnerable firmware. LogoFAIL targets the logos displayed on the device screen during the early boot process, exploiting vulnerabilities in the image parsers to replace legitimate logos with infected files. This manipulation allows the execution of arbitrary code during the Driver Execution Environment (DXE) phase, compromising platform security.

LogoFAIL can be executed remotely and bypass traditional protections such as Secure Boot and Intel’s Secure Boot. Once arbitrary code execution is achieved during the DXE phase, the attackers gain full control over the memory and disk of the target device, including the operating system. Imagine if a hacker could control your computer right from the moment you turn it on—they could access all your files, monitor what you do, or even install harmful programs. That’s why LogoFAIL is a big problem.

Affected parties, including UEFI suppliers, device manufacturers, and CPU makers, are releasing advisories with information on vulnerable products and security patches, so you should keep an eye out for a BIOS update to be released sometime soon for your computer or laptop. Notably, Mac computers are not affected—the vulnerability doesn’t work on Intel Macs, and Apple Silicon Macs don’t use UEFI at all.

Source: Ars Technica

