UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

Dan Goodin - 12/6/2023, 3:02 PM

  • Synthead@lemmy.world
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    1
    ·
    1 year ago

    Or any OS that uses UEFI. Or UEFI without an OS. So basically UEFI and not Windows or Linux at all.

  • taladar@sh.itjust.works
    link
    fedilink
    arrow-up
    25
    arrow-down
    2
    ·
    edit-2
    1 year ago

    That is a terrible article that leaves out pretty much everything important about the actual exploit and instead has lots of general information that most people who would be in the position to have to patch this on large numbers of machines already know.

    Edit: nevermind, it is just a case of those multi-page articles for advertising reasons.

      • AtmaJnana@lemmy.world
        link
        fedilink
        arrow-up
        9
        ·
        edit-2
        1 year ago

        FTA, emphasis mine:

        “The flaw exists in the processing of user-supplied splash screen during system boot, which can be exploited by an attacker who has physical access to the device,” according to the notification, which noted that an updated version is available. “By supplying a malicious splash screen, the attacker can cause a denial-of-service attack or execute arbitrary code in the UEFI DXE phase, bypassing the Secure Boot mechanism and compromising the system integrity.”

        Sure, but physical access is already no bueno.

        I wonder whether this could also be exploited remotely. IIRC, my mainboard vendor provides software to update the boot logo from within the OS. I don’t think it requires any physical interaction. It does require admin rights tho.

        • anonymouse@lemmings.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          “There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.”

          • AtmaJnana@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            That’s what I get for reading it on mobile while parenting. Lol. Thanks, I obviously missed that.

  • wincing_nucleus073@lemm.ee
    link
    fedilink
    arrow-up
    16
    arrow-down
    2
    ·
    1 year ago

    this is a physical access attack. if they already have physical access they can do a million other things too. this is kind of not important to be fair.

    • Grunt4019@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      There is a remote vector as well beyond just physical access.

      There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.

  • Chais@sh.itjust.works
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    Maybe it’s time we give up on computers. We’re simply not good with them. Or maybe it’s just time to oxidise all the software.

  • NabeGewell@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    Every tech we advance in will always give hackers more freedom as well, it’s how it will always be. Its also why we should have less and less info about us on the net.

    What could KINDA help against this is using open source software, but wheres the spyware in that?