UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

Dan Goodin - 12/6/2023, 3:02 PM

  • @anonymouse@lemmings.world
    link
    fedilink
    English
    51 year ago

    “There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.”