The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks via high-impact flaws in image parsing libraries embedded into the firmware.
The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel Boot Guard, and other security technologies by design."
Moreover, they can be weaponized to bypass security solutions and deliver persistent malware to compromised systems during the boot phase by injecting a malicious logo image file into the EFI System Partition (ESP).
While the issues are not silicon-specific, meaning they impact both x86 and ARM-based devices, they are UEFI and IBV-specific. The vulnerabilities comprise a heap-based buffer overflow flaw and an out-of-bounds read, details of which are expected to be made public later this week at the Black Hat Europe conference.
Specifically, these vulnerabilities are triggered when the injected images are parsed, leading to the execution of payloads that could hijack the execution flow and bypass security mechanisms.
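The article names the bug classes (heap-based buffer overflow, out-of-bounds read) but not their mechanics. The example below is added here to illustrate the general pattern behind such image-parser flaws and how a boot-logo parser can defend against it; it is not Binarly's code, not any IBV's reference code, and not the actual LogoFAIL defect. It contrasts a naive pixel-buffer sizing routine, which trusts header-declared dimensions and wraps in 32-bit arithmetic, with a hardened BMP header check that validates dimensions, bit depth, total size and file bounds before any allocation. The caps `BMP_MAX_DIM` and `BMP_MAX_PIXEL_BYTES`, the function names and the constructed headers are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes for the header check. */
enum {
    BMP_OK = 0,
    BMP_ERR_SHORT,      /* buffer smaller than the fixed headers */
    BMP_ERR_MAGIC,      /* not "BM" */
    BMP_ERR_DIMS,       /* zero, negative or oversized width/height */
    BMP_ERR_BPP,        /* unsupported bits per pixel */
    BMP_ERR_TOO_LARGE,  /* pixel buffer exceeds the configured cap */
    BMP_ERR_TRUNCATED   /* pixel data extends past the bytes actually read */
};

/* Hypothetical caps a boot-logo parser might impose (assumed values). */
#define BMP_MAX_DIM         4096u
#define BMP_MAX_PIXEL_BYTES (16u * 1024u * 1024u)
#define BMP_HEADER_BYTES    54u   /* BITMAPFILEHEADER (14) + BITMAPINFOHEADER (40) */

typedef struct {
    uint32_t data_offset;   /* offset of the pixel array from file start */
    int32_t  width;
    int32_t  height;        /* negative means top-down row order */
    uint16_t bpp;
    uint32_t row_stride;    /* bytes per row, padded to 4 */
    uint64_t pixel_bytes;   /* bytes needed for the whole pixel array */
} bmp_info_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The classic defect, shown only for contrast: sizing the pixel buffer with
   32-bit arithmetic straight from header fields. Large dimensions wrap to a
   tiny value, the allocation is undersized, and the decoder writes past it. */
uint32_t bmp_naive_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp) {
    return width * height * (bpp / 8);
}

/* Hardened header check: every size is validated before any allocation. */
int bmp_parse_header(const uint8_t *buf, size_t len, bmp_info_t *out) {
    if (len < BMP_HEADER_BYTES) return BMP_ERR_SHORT;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_ERR_MAGIC;

    memset(out, 0, sizeof *out);
    out->data_offset = rd32(buf + 10);
    out->width  = (int32_t)rd32(buf + 18);
    out->height = (int32_t)rd32(buf + 22);
    out->bpp    = rd16(buf + 28);

    if (rd32(buf + 14) < 40) return BMP_ERR_DIMS;   /* need a full BITMAPINFOHEADER */

    int64_t h = out->height;                          /* widen before negating */
    if (h < 0) h = -h;
    if (out->width <= 0 || h <= 0 ||
        (uint64_t)out->width > BMP_MAX_DIM || (uint64_t)h > BMP_MAX_DIM)
        return BMP_ERR_DIMS;
    if (out->bpp != 1 && out->bpp != 4 && out->bpp != 8 && out->bpp != 24 && out->bpp != 32)
        return BMP_ERR_BPP;

    /* 64-bit arithmetic so width * bpp cannot wrap; rows are padded to 4 bytes. */
    uint64_t stride = (((uint64_t)out->width * out->bpp + 31) / 32) * 4;
    uint64_t pixels = stride * (uint64_t)h;
    if (pixels > BMP_MAX_PIXEL_BYTES) return BMP_ERR_TOO_LARGE;

    /* The pixel array must fit inside the bytes that were actually read. */
    if (out->data_offset < BMP_HEADER_BYTES || out->data_offset > len ||
        pixels > len - out->data_offset)
        return BMP_ERR_TRUNCATED;

    out->row_stride  = (uint32_t)stride;
    out->pixel_bytes = pixels;
    return BMP_OK;
}

/* Writes a constructed BMP header (no real image) into buf[0..53]. */
void bmp_build_header(uint8_t *buf, uint32_t file_size, int32_t w, int32_t h, uint16_t bpp) {
    memset(buf, 0, BMP_HEADER_BYTES);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, file_size);
    wr32(buf + 10, BMP_HEADER_BYTES);  /* pixel data starts right after the headers */
    wr32(buf + 14, 40);                /* BITMAPINFOHEADER size */
    wr32(buf + 18, (uint32_t)w);
    wr32(buf + 22, (uint32_t)h);
    wr16(buf + 26, 1);                 /* colour planes */
    wr16(buf + 28, bpp);
}

int main(void) {
    uint8_t img[70];                   /* 54-byte header + 2x2 24bpp pixels (16 bytes) */
    bmp_info_t info;

    bmp_build_header(img, sizeof img, 2, 2, 24);
    memset(img + BMP_HEADER_BYTES, 0xAB, 16);
    printf("2x2 logo: rc=%d stride=%u bytes=%llu\n",
           bmp_parse_header(img, sizeof img, &info), info.row_stride,
           (unsigned long long)info.pixel_bytes);

    /* Header claims 65536x65536x32bpp: naive sizing wraps to 0, the check rejects it. */
    bmp_build_header(img, sizeof img, 65536, 65536, 32);
    printf("oversized: naive=%u checked rc=%d\n",
           bmp_naive_pixel_bytes(65536, 65536, 32),
           bmp_parse_header(img, sizeof img, &info));
    return 0;
}
```

The design point is that a boot-logo parser runs before any OS-level mitigation exists, so the only defence is to treat every header field as attacker-controlled: compute sizes in a wider type, cap them, and require the declared pixel array to lie inside the bytes actually read from the ESP rather than inside the file size the header claims.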
"This attack vector can give an attacker an advantage in bypassing most endpoint security solutions and delivering a stealth firmware bootkit that can persist in an ESP partition or firmware capsule with a modified logo image," the firmware security company said.
In doing so, threat actors could gain entrenched control over the impacted hosts, resulting in the deployment of persistent malware that can fly under the radar.
Unlike BlackLotus or BootHole, it's worth noting that LogoFAIL does not break runtime integrity by modifying the boot loader or firmware component.
The flaws affect all major IBVs like AMI, Insyde, and Phoenix as well as hundreds of consumer and enterprise-grade devices from vendors, including Intel, Acer, and Lenovo, making it both severe and widespread.
The disclosure marks the first public demonstration of attack surfaces related to graphic image parsers embedded into the UEFI system firmware since 2009, when researchers Rafal Wojtczuk and Alexander Tereshkin presented how a BMP image parser bug could be exploited for malware persistence.
"The types – and sheer amount – of security vulnerabilities discovered [...] show pure product security maturity and code quality in general on IBVs' reference code," Binarly noted.