“The flaw exists in the processing of user-supplied splash screen during system boot, which can be exploited by an attacker who has physical access to the device,” according to the notification, which noted that an updated version is available. “By supplying a malicious splash screen, the attacker can cause a denial-of-service attack or execute arbitrary code in the UEFI DXE phase, bypassing the Secure Boot mechanism and compromising the system integrity.”
Sure, but physical access is already no bueno.
I wonder whether this could also be exploited remotely. IIRC, my mainboard vendor provides software to update the boot logo from within the OS. I don’t think it requires any physical interaction. It does require admin rights tho.
“There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.”
https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs seems better, it at least mentions that the logo files have to be placed on the EFI System partition to be loaded by the vulnerable code.
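A defender-side check for the point above that the logo files sit on the EFI System Partition, as an added example that is not part of the thread or the linked articles: it inventories image files on a mounted ESP by content rather than extension and reports any that are new or changed against a recorded baseline. The mount point `/boot/efi` and the baseline format (relative path to SHA-256) are assumptions.

```python
import hashlib
import os

# Magic bytes of common image formats. "BM" is only two bytes long, so
# expect an occasional false positive; this is an inventory, not a verdict.
IMAGE_MAGIC = {
    b"BM": "bmp",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def sniff_image(path):
    """Return the image type based on file content, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def inventory_images(esp_root):
    """Map relative path -> (type, sha256) for every image under esp_root."""
    found = {}
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = sniff_image(full)
            if kind:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                found[os.path.relpath(full, esp_root)] = (kind, digest)
    return found

def diff_against_baseline(current, baseline):
    """Return sorted (path, status) pairs for images that are new or changed."""
    findings = []
    for path, (_kind, digest) in current.items():
        if path not in baseline:
            findings.append((path, "new"))
        elif baseline[path] != digest:
            findings.append((path, "changed"))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed mount point; with an empty baseline every image is reported.
    for path, status in diff_against_baseline(inventory_images("/boot/efi"), {}):
        print(status, path)
```

Record the baseline on a known-good system and store it off the machine, since anyone with the admin rights needed to write to the ESP could also rewrite a local baseline.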
FTA, emphasis mine:
That’s what I get for reading it on mobile while parenting. Lol. Thanks, I obviously missed that.