Security News > 2023 > December > Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
2023-12-07 21:36

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack.

Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.

LogoFAIL is a series of vulnerabilities whereby the graphic image parsers in system firmware can use customized versions of image parsing libraries.

Put simply, attackers could embed malicious code into logos that appear during the Driver Execution Environment stage in the boot process, such as the device manufacturer's logo.

From there, attackers can access and control the device's memory and disk.

"We have been heavily focused on reporting vulnerabilities mainly discovered by the Binarly Transparency Platform product, but the work on LogoFAIL was different and originally initiated as a small research project just for fun," Binarly's team wrote.


News URL

https://www.techrepublic.com/article/logo-fail-windows-linux-vulnerabilities/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232