BreachForums admin 'Pompourin' sentenced to 20 years of supervised release
2024-01-22 02:29

The series of nine vulnerabilities is found in EDK II - an open source implementation of UEFI maintained by TianoCore, according to researchers from Quarkslab who discovered the issue.

According to the researchers, the vulnerabilities are specifically found in the NetworkPkg module included in EDK II, which is used by vendors including Arm, Insyde Software, American Megatrends, Phoenix Technologies and Microsoft.

Machines using EDK II that boot from a network using PXE - and, most crucially, are configured to use IPv6 - are all exposed to exploitation of these vulnerabilities.

As has been well established by previous UEFI exploits like BlackLotus and LogoFail - the latter only just discovered in December - such vulnerabilities can be serious, and there's no exception in the case of PixieFail.

Critical vulnerabilities: Another Chrome zero-day to patch.

We covered several critical vulnerabilities this week, like a pair of Citrix NetScaler bugs under active exploit and the resurgence of some years-old vulnerabilities targeted by Androxgh0st malware, which is being used to build a botnet.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/22/infosec_news_roundup/