Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware
#1
[Image: BIOS-modern.jpg]

Quote:Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process [1, 2, 3].

According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."

Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."

Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:

Read the full article here:

https://www.bleepingcomputer.com/news/se...-firmware/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers Breach University of Manchester; School Says Attackers Likely Copied Data mrtrout 0 542 06-12-2023 , 10:39 PM
Last Post: mrtrout
  New UEFI rootkit Black Lotus offered for sale at $5,000 mrtrout 0 731 10-18-2022 , 01:00 AM
Last Post: mrtrout
  New macOS zero-day bug lets attackers run commands remotely mrtrout 0 606 09-21-2021 , 09:48 PM
Last Post: mrtrout
  Australia passes surveillance bill that lets police take over accounts, alter, and mrtrout 0 555 09-03-2021 , 12:32 AM
Last Post: mrtrout
  Why You Suddenly Need To Delete Google Chrome mrtrout 0 611 09-02-2021 , 08:59 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)