NEWS

NEWS

Article from Issue 279/2024

In the news: Hundreds of Consumer and Enterprise Devices Vulnerable to LogoFAIL; Linux Mint 21.3 Beta Available with Latest Version of Cinnamon; Arch Linux 2023.12.01 Released with a Much-Improved Installer; Zorin OS 17 Beta Available for Testing; Red Hat Migrates RHEL from Xorg to Wayland; PipeWire 1.0 Officially Released; Rocky Linux 9.3 Available for Download; Ubuntu Budgie Shifts How to Tackle Wayland; and TUXEDO's New Ultraportable Linux Workstation Released.

Hundreds of Consumer and Enterprise Devices Vulnerable to LogoFAIL

At Black Hat Europe 2023, Fabio Pagani shared a presentation (https://www.blackhat.com/eu-23/briefings/schedule/index.html#logofail-security-implications-of-image-parsing-during-system-boot-35042) about a newly discovered collection of vulnerabilities being used against Linux and Windows systems that involves, believe it or not, logos.

LogoFAIL is a group of vulnerabilities that targets UEFI code from various firmware/BIOS vendors through high-impact flaws in the image parsing libraries within the firmware.

According to Binarly (https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html), "One of the most important discoveries is that LogoFAIL is not silicon-specific and can impact x86 and ARM-based devices. LogoFAIL is UEFI and IBV-specific because of the specifics of vulnerable image parsers that have been used. That shows a much broader impact from the perspective of the discoveries that will be presented on Dec 6th."

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus