Oof, this is a bad one. A vulnerability was found in the UEFI reference design, a firmware codebase used by virtually all popular Windows and Linux PCs. The exploit uses a bug in an image decoder (yep, image decoders, once again) that runs during boot *before* most security countermeasures are installed.
The image used during boot is configurable from userland, so an exploit can run during a user session, after which the next reboot will be compromised.
“Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack”
#software #security #exploit
https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/