- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Dan Goodin - 12/6/2023, 3:02 PM
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Dan Goodin - 12/6/2023, 3:02 PM
That is a terrible article that leaves out pretty much everything important about the actual exploit and instead has lots of general information that most people who would be in the position to have to patch this on large numbers of machines already know.
Edit: nevermind, it is just a case of those multi-page articles for advertising reasons.
https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs seems better, it at least mentions that the logo files have to be placed on the EFI System partition to be loaded by the vulnerable code.
FTA, emphasis mine:
Sure, but physical access is already no bueno.
I wonder whether this could also be exploited remotely. IIRC, my mainboard vendor provides software to update the boot logo from within the OS. I don’t think it requires any physical interaction. It does require admin rights tho.
That’s what I get for reading it on mobile while parenting. Lol. Thanks, I obviously missed that.