Cybersecurity scientists have disclosed aspects of a now-patched security flaw in Phoenix SecureCore UEFI firmware that impacts several households of Intel Main desktop and cellular processors.
Tracked as CVE-2024-0762 (CVSS rating: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been explained as a case of a buffer overflow stemming from the use of an unsafe variable in the Trustworthy System Module (TPM) configuration that could final result in the execution of malicious code.
“The vulnerability will allow a nearby attacker to escalate privileges and obtain code execution within just the UEFI firmware all through runtime,” provide chain security business Eclypsium claimed in a report shared with The Hacker Information.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“This form of minimal-amount exploitation is normal of firmware backdoors (e.g., BlackLotus) that are increasingly observed in the wild. These implants give attackers ongoing persistence inside a product and normally, the potential to evade better-degree security steps managing in the running system and application layers.”
Next accountable disclosure, the vulnerability was resolved by Phoenix Technologies in April 2024. Pc maker Lenovo has also introduced updates for the flaw as of very last month.
“This vulnerability influences devices using Phoenix SecureCore firmware running on decide on Intel processor families, which includes AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake,” the firmware developer stated.
UEFI, a successor to BIOS, refers to motherboard firmware made use of for the duration of startup to initialize the components elements and load the working procedure by means of the boot manager.
The reality that UEFI is the first code that’s operate with the best privileges has built it a rewarding focus on for threat actors hunting to deploy bootkits and firmware implants that can subvert security mechanisms and keep persistence without the need of getting detected.
This also signifies that vulnerabilities found in the UEFI firmware can pose a intense offer chain risk, as they can effect numerous diverse items and suppliers at as soon as.
“UEFI firmware is some of the most large-price code on fashionable devices, and any compromise of that code can give attackers whole manage and persistence on the system,” Eclypsium reported.
The enhancement comes virtually a month right after the corporation disclosed a similar unpatched buffer overflow flaw in HP’s implementation of UEFI that impacts HP ProBook 11 EE G1, a gadget that reached conclusion-of-existence (EoL) position as of September 2020.
It also follows the disclosure of a program attack known as TPM GPIO Reset that could be exploited by attackers to access secrets saved on disk by other functioning units or undermine controls that are shielded by the TPM these kinds of as disk encryption or boot protections.
Discovered this write-up exciting? Follow us on Twitter and LinkedIn to read through a lot more distinctive material we post.
Some components of this write-up are sourced from:
thehackernews.com