NEWS
In the news: Hundreds of Consumer and Enterprise Devices Vulnerable to LogoFAIL; Linux Mint 21.3 Beta Available with Latest Version of Cinnamon; Arch Linux 2023.12.01 Released with a Much-Improved Installer; Zorin OS 17 Beta Available for Testing; Red Hat Migrates RHEL from Xorg to Wayland; PipeWire 1.0 Officially Released; Rocky Linux 9.3 Available for Download; Ubuntu Budgie Shifts How to Tackle Wayland; and TUXEDO's New Ultraportable Linux Workstation Released.
Hundreds of Consumer and Enterprise Devices Vulnerable to LogoFAIL
At Black Hat Europe 2023, Fabio Pagani shared a presentation (https://www.blackhat.com/eu-23/briefings/schedule/index.html#logofail-security-implications-of-image-parsing-during-system-boot-35042) about a newly discovered collection of vulnerabilities being used against Linux and Windows systems that involves, believe it or not, logos.
LogoFAIL is a group of vulnerabilities that targets UEFI code from various firmware/BIOS vendors through high-impact flaws in the image parsing libraries within the firmware.
According to Binarly (https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html), "One of the most important discoveries is that LogoFAIL is not silicon-specific and can impact x86 and ARM-based devices. LogoFAIL is UEFI and IBV-specific because of the specifics of vulnerable image parsers that have been used. That shows a much broader impact from the perspective of the discoveries that will be presented on Dec 6th."
[...]