Malicious UEFI Logo Images Expose Enterprise and Consumer Devices to Attacks


The firmware security company Binarly disclosed the specifics of an attack method that uses malicious UEFI logo images to compromise a large number of consumer and enterprise devices.

The attack technique, known as LogoFAIL, takes advantage of flaws in the image parsers that the UEFI firmware uses to display logos in the BIOS or during bootup. An attacker may be able to take control of the execution flow and execute arbitrary code by tricking the impacted parsers into processing a specially created image.

The LogoFAIL attack gives hackers access to the entire system and allows them to get around security features like Secure Boot.

Read More: Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.