UEFI Attack Surfaces Need Urgent Attention, Says CISA

UEFI Attack Surfaces Need Urgent Attention, Says CISA

The dominant firmware standard, UEFI, has unexplored attack surfaces, and the US government’s cybersecurity agency CISA is warning that this makes it an attractive target for malicious hackers.

A crucial attack surface is UEFI. Attackers have a distinct incentive to target UEFI software, the agency claimed in a call to action written by vulnerability management director Sandra Radesky and CISA technical advisor Jonathan Spring.

The agency issued a warning, noting that security flaws expose computer systems to covert, persistent attacks and that UEFI code is made up of a variety of components (drivers, bootloaders, security and platform initializers, etc.).

Read More: CISA Calls Urgent Attention to UEFI Attack Surfaces

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.