- cross-posted to:
- linux@lemmy.ml
- cross-posted to:
- linux@lemmy.ml
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Dan Goodin - 12/6/2023, 3:02 PM
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Dan Goodin - 12/6/2023, 3:02 PM
https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs seems better, it at least mentions that the logo files have to be placed on the EFI System partition to be loaded by the vulnerable code.
FTA, emphasis mine:
Sure, but physical access is already no bueno.
I wonder whether this could also be exploited remotely. IIRC, my mainboard vendor provides software to update the boot logo from within the OS. I don’t think it requires any physical interaction. It does require admin rights tho.
That’s what I get for reading it on mobile while parenting. Lol. Thanks, I obviously missed that.