BrianKrebs: Boosting Dan Goodin (dangoodin): If you use a Windows or Linux device, it’s vulnerable to a new post-exploit attack that can remotely install an undetectable backdoor at the UEFI level. Updates from just about every vendor available today. Impressive work from @matrosov and the rest of Binarly.
The article whose link I removed from the toot is titled Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack and must be read.
This is so bad, that if gotten, it’ll execute malicious code early in the boot process.
LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.
Please read the entire article. It might be talked about in other podcasts and the like, and you should listen to those too.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.