UEFI flaws allow bootkits to pwn potentially hundreds of devices using images
2023-12-01 20:12

Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others.

We're told the set of vulnerabilities, dubbed "LogoFail," allows attackers to use malicious image files, which the firmware loads during the boot phase, as a means of quietly delivering payloads such as bootkits.

The vulnerabilities affect the image parsing libraries used by various firmware vendors, most of which are exposed to the flaws, according to the researchers at Binarly.

Image parsers are the firmware components that load vendor logos (or an employer's logo, where work-issued machines are configured to show one) and flash them on the display as the machine boots.

Attackers could feasibly inject their own image file into the EFI system partition. The firmware then parses that file during boot, and it is capable of quietly installing a malicious payload, such as a bootkit, with persistence.

"The exact list of affected devices is still being determined but it's crucial to note that all three major IBVs are impacted - AMI, Insyde, and Phoenix due to multiple security issues related to image parsers they are shipping as a part of their firmware."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/01/uefi_image_parser_flaws/