Quarkslab, a French security research firm, has discovered several critical vulnerabilities in EDK II, the de facto open source reference implementation of the UEFI specification.
As a result, the firm has issued a warning regarding the potential for remote code execution attacks. Following a lengthy disclosure process, Quarkslab revealed the vulnerabilities in a research paper, stating that they can be exploited during the network boot process and exist in the EDK II network stack. The flaws, dubbed PixieFAIL, were found during what Quarkslab called a “cursory inspection” of NetworkPkg, which offers the shell programs and drivers required for network configuration.
The firm said that a number of vendors are using the vulnerable module in addition to Tianocore’s EDK II UEFI implementation and the NetworkPkg PXE stack.
Read More:Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates
