If you use a Windows or Linux device, it's vulnerable to a new post-exploit attack that can remotely install an undetectable backdoor at the UEFI level. Updates from just about every vendor available today. Impressive work from @matrosov and the rest of Binarly.
Dan Goodin (dangoodin@infosec.exchange), Thursday, 07-Dec-2023 00:49:53 JST: Thomas 🔭🕹️ repeated this.
Dan Goodin (dangoodin@infosec.exchange), Thursday, 07-Dec-2023 07:06:07 JST:
It's 2023, and not only can malicious images still remotely execute malicious code on your devices, but they can do it at the UEFI level, during bootup, enabling invisible firmware bootkits. This new post-exploit attack, known as LogoFAIL, is mind-blowing. Amazing that an entire ecosystem comprising dozens of wealthy companies couldn't be bothered to fuzz the UEFIs they provide to billions of people. With a small amount of effort, this attack could have been closed off a decade ago.
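The class of flaw described in the post above is an image parser that trusts the dimensions and offsets written in a file's header instead of checking them against the buffer the file actually arrived in. The following is an added example and is not code from this thread, from Binarly, or from any firmware vendor: a hypothetical bmp_validate routine that checks a BMP header field by field before any pixel data is decoded, plus constructed sample headers (a well-formed 2x2 logo, one that claims 1000 rows while only 16 bytes follow, a truncated buffer, and an 8-bpp file whose palette does not fit) that exercise the rejection paths. The BMP_MAX_DIM cap and the error-code numbering are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parsed, validated view of a BMP the caller may safely decode. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint16_t bpp;
    uint32_t pixel_offset;
    uint64_t pixel_bytes;
} bmp_info_t;

/* Little-endian field readers/writers (BMP headers are little-endian). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

#define BMP_HEADERS_LEN 54u      /* 14-byte file header + 40-byte BITMAPINFOHEADER */
#define BMP_MAX_DIM     16384u   /* hypothetical cap: far larger than any boot logo */

/* Validate every header field against the buffer that actually holds the file.
 * Returns 0 on success, a distinct negative code for each rejected condition. */
int bmp_validate(const uint8_t *buf, size_t len, bmp_info_t *out) {
    if (buf == NULL || out == NULL) return -1;
    if (len < BMP_HEADERS_LEN) return -2;                 /* truncated before the headers end */
    if (buf[0] != 'B' || buf[1] != 'M') return -3;        /* bad magic */
    uint32_t pixel_offset = rd32(buf + 10);
    if (rd32(buf + 14) != 40) return -4;                  /* only the plain BITMAPINFOHEADER */
    int32_t  width       = (int32_t)rd32(buf + 18);
    int32_t  height      = (int32_t)rd32(buf + 22);      /* negative height = top-down rows */
    uint16_t planes      = rd16(buf + 26);
    uint16_t bpp         = rd16(buf + 28);
    uint32_t compression = rd32(buf + 30);
    uint32_t clr_used    = rd32(buf + 46);
    if (width <= 0 || height == 0) return -5;
    if (planes != 1) return -6;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -7;
    if (compression != 0) return -8;                      /* BI_RGB only: no RLE decoders */
    uint32_t abs_h = height < 0 ? 0u - (uint32_t)height : (uint32_t)height; /* no INT32_MIN UB */
    if ((uint32_t)width > BMP_MAX_DIM || abs_h > BMP_MAX_DIM) return -9;
    if (pixel_offset < BMP_HEADERS_LEN || pixel_offset > len) return -10;  /* offset outside buffer */
    if (bpp <= 8) {                                       /* palette must fit before the pixels */
        uint32_t max_entries = 1u << bpp;
        if (clr_used == 0) clr_used = max_entries;
        if (clr_used > max_entries) return -11;
        if (pixel_offset < BMP_HEADERS_LEN + 4u * clr_used) return -12;
    }
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;   /* rows are 4-byte aligned */
    uint64_t pixel_bytes = stride * abs_h;                        /* cannot overflow after the cap */
    if (pixel_bytes > (uint64_t)(len - pixel_offset)) return -13; /* claimed image exceeds buffer */
    out->width = (uint32_t)width; out->height = abs_h; out->bpp = bpp;
    out->pixel_offset = pixel_offset; out->pixel_bytes = pixel_bytes;
    return 0;
}

/* Constructed sample: a minimal header claiming width x height at bpp, pixels at offset 54. */
static void write_bmp_header(uint8_t *buf, int32_t width, int32_t height, uint16_t bpp) {
    memset(buf, 0, BMP_HEADERS_LEN);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 10, BMP_HEADERS_LEN);
    wr32(buf + 14, 40);
    wr32(buf + 18, (uint32_t)width);
    wr32(buf + 22, (uint32_t)height);
    wr16(buf + 26, 1);
    wr16(buf + 28, bpp);
}

/* Each check builds a 70-byte buffer (54 header + 16 pixel bytes) and returns the verdict. */
int check_valid_logo(void) {       /* 2x2 at 24 bpp: stride 8, 16 pixel bytes, fits exactly */
    uint8_t buf[70]; bmp_info_t info;
    write_bmp_header(buf, 2, 2, 24); memset(buf + BMP_HEADERS_LEN, 0x7f, 16);
    return bmp_validate(buf, sizeof buf, &info);
}
int check_oversized_height(void) { /* header claims 1000 rows but only 16 bytes follow */
    uint8_t buf[70]; bmp_info_t info;
    write_bmp_header(buf, 2, 1000, 24);
    return bmp_validate(buf, sizeof buf, &info);
}
int check_truncated(void) {        /* only 20 of the 54 header bytes are present */
    uint8_t buf[70]; bmp_info_t info;
    write_bmp_header(buf, 2, 2, 24);
    return bmp_validate(buf, 20, &info);
}
int check_missing_palette(void) {  /* 8 bpp needs a 1024-byte palette, but pixels are claimed at 54 */
    uint8_t buf[70]; bmp_info_t info;
    write_bmp_header(buf, 2, 2, 8);
    return bmp_validate(buf, sizeof buf, &info);
}

int main(void) {
    printf("valid=%d oversized=%d truncated=%d no_palette=%d\n",
           check_valid_logo(), check_oversized_height(), check_truncated(), check_missing_palette());
    return 0;
}
```

The point of the routine is that nothing downstream of it needs to trust the file: every size the decoder will later use (stride, row count, palette length, pixel offset) has been bounded by the buffer length and a sane dimension cap before a single pixel is read, which is exactly the check that fuzzing a parser tends to find missing.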
Ethan Black (golemwire@social.librem.one), Thursday, 07-Dec-2023 16:25:08 JST:
@dangoodin I know my @system76 uses Insyde firmware... my machine is older but I hope I get a fix 🙏
Dan Goodin (dangoodin@infosec.exchange), Thursday, 07-Dec-2023 16:25:09 JST:
A CERT coordination center has published an advisory on LogoFail, but unfortunately, it doesn't tell us much. It confirms that AMI, Insyde, Intel and Phoenix are affected and that Microsoft and Toshiba are not. But the remaining 20 companies fall in the "unknown" category. One of the unknowns is Lenovo, which has already confirmed that it is affected.
Also, no CVEs.
¯\_(ツ)_/¯
Dan Goodin (dangoodin@infosec.exchange), Thursday, 07-Dec-2023 16:25:10 JST:
Lots of people asking what the CVEs are and where announcements from various parties can be found. This is a massive, massive (un)coordinated disclosure. Lots of broken or non-existent links at the moment. I'm expecting things will straighten out in an hour or two. Please be patient.
Ethan Black (golemwire@social.librem.one), Saturday, 09-Dec-2023 11:53:55 JST:
@system76 @dangoodin This is great to know, thanks!
System76 :popos: :ubuntu: (system76@fosstodon.org), Saturday, 09-Dec-2023 11:53:56 JST:
@golemwire @dangoodin Since you can't change the logo in firmware, this wouldn't affect your system.