LogoFAIL bugs in UEFI code allow planting bootkits via images
Security News, December 2023
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors.
Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.
Planting malware in such a way ensures persistence on the system that goes virtually undetected, as illustrated in past attacks leveraging infected UEFI components [1, 2]. LogoFAIL does not affect runtime integrity because there is no need to modify the bootloader or the firmware, which is the method seen with the BootHole vulnerability or the BlackLotus bootkit.
The researchers highlight that, because they are not silicon-specific, the LogoFAIL vulnerabilities impact vendors and chips from multiple makers.
The issues are present in products from many major device manufacturers that use UEFI firmware in consumer and enterprise-grade devices.
According to the summary of the LogoFAIL presentation, the researchers disclosed their findings to multiple device vendors and to the three major UEFI providers.