Dan Goodin on Nostr: Researchers have discovered malicious code circulating in the wild that hijacks the ...
Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains unpatched on affected models.
The critical vulnerability is one of a constellation of exploitable flaws discovered last year and given the name LogoFAIL. These exploits are able to override an industry-standard defense known as Secure Boot and execute malicious firmware early in the boot process. Until now, there were no public indications that LogoFAIL exploits were circulating in the wild.
The ultimate objective of the exploit, which Binarly disclosed Friday, is to install Bootkitty, a bootkit for Linux that was found and reported on Wednesday by researchers from security firm ESET.
https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/