item 38550083

adrians1 | 2 years ago

> Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw.

I don't get the point of this. Any vulnerability that requires local access can be exploited if you first get remote code execution through another vulnerability. Also, exploiting the browser or the media player doesn't give you admin privileges, you need another privilege escalation exploit for that.


tuetuopay | 2 years ago

What makes this vulnerability frightening is:

- the persistence, which is nearly perfect

- an AV cannot detect it, ever

- it bypasses all forms of Secure Boot by getting code exec at the earliest stage in the boot chain of trust

- the disassemblies show that the BIOS vendors did not even remotely try to make the parser secure. It is a joke. And if an image parser is that bad, I can't even imagine the quality of the USB or network stacks
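As an added, defender-side illustration of the point above about parser quality (this is example code written for this page, not code from the thread, from any firmware vendor, or from the research being discussed): a validation routine that checks every size and offset in a BMP boot-logo header against the real buffer length before a single pixel is touched. It assumes the classic 14-byte file header followed by a 40-byte info header, uncompressed 24/32 bpp data, and a hypothetical MAX_LOGO_DIM cap; the sample buffers it builds are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumption: no legitimate boot logo needs to be larger than this per axis.
 * Capping dimensions bounds any later allocation or copy. */
#define MAX_LOGO_DIM 4096u

enum logo_status {
    LOGO_OK = 0,
    LOGO_ERR_TRUNCATED,   /* buffer shorter than the header claims */
    LOGO_ERR_MAGIC,       /* not a "BM" file */
    LOGO_ERR_OFFSET,      /* pixel-data offset points outside the buffer */
    LOGO_ERR_DIMENSION,   /* zero or oversized width/height */
    LOGO_ERR_FORMAT       /* unsupported header size, bpp, planes or compression */
};

/* Little-endian field readers; all arithmetic is done in uint32_t to avoid
 * signed shifts of promoted bytes. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8));
}

/* Validate the header using only the caller-supplied length as ground truth.
 * Fields inside the blob are attacker-controlled and never used to index memory
 * until they have been checked against `len`. */
enum logo_status validate_bmp_logo(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 54) return LOGO_ERR_TRUNCATED;
    if (buf[0] != 'B' || buf[1] != 'M') return LOGO_ERR_MAGIC;

    uint32_t data_off    = rd32(buf + 10);
    uint32_t hdr_size    = rd32(buf + 14);
    int32_t  width       = (int32_t)rd32(buf + 18);
    int32_t  height      = (int32_t)rd32(buf + 22);
    uint16_t planes      = rd16(buf + 26);
    uint16_t bpp         = rd16(buf + 28);
    uint32_t compression = rd32(buf + 30);

    if (hdr_size < 40 || planes != 1 || compression != 0) return LOGO_ERR_FORMAT;
    if (bpp != 24 && bpp != 32) return LOGO_ERR_FORMAT;

    /* The offset must land inside the buffer we actually have, not inside the
     * size the file claims for itself. */
    if (data_off < 54 || data_off > len) return LOGO_ERR_OFFSET;

    /* Height may be negative (top-down rows); take its magnitude in 64-bit so
     * INT32_MIN cannot wrap. Reject zero and anything above the cap. */
    if (width <= 0 || height == 0) return LOGO_ERR_DIMENSION;
    uint64_t h = (height < 0) ? (uint64_t)(-(int64_t)height) : (uint64_t)height;
    if ((uint64_t)width > MAX_LOGO_DIM || h > MAX_LOGO_DIM) return LOGO_ERR_DIMENSION;

    /* Row stride is padded to 4 bytes; compute in 64-bit so width*bpp cannot wrap. */
    uint64_t row   = (((uint64_t)width * bpp) / 8 + 3) & ~(uint64_t)3;
    uint64_t image = row * h;
    if (image > (uint64_t)(len - data_off)) return LOGO_ERR_TRUNCATED;
    return LOGO_OK;
}

/* Constructed test input: write a minimal header into a static buffer of
 * `len` bytes (pixel bytes left zero) and validate it. Hypothetical helper. */
static void wr32(uint8_t *p, uint32_t v) { p[0]=v; p[1]=v>>8; p[2]=v>>16; p[3]=v>>24; }
static void wr16(uint8_t *p, uint16_t v) { p[0]=v; p[1]=v>>8; }

enum logo_status validate_constructed(int32_t w, int32_t h, uint32_t data_off,
                                      uint16_t bpp, size_t len, int corrupt_magic)
{
    static uint8_t buf[256];
    if (len > sizeof buf) len = sizeof buf;
    memset(buf, 0, sizeof buf);
    buf[0] = corrupt_magic ? 'X' : 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)len);       /* claimed file size (untrusted) */
    wr32(buf + 10, data_off);
    wr32(buf + 14, 40);                 /* BITMAPINFOHEADER size */
    wr32(buf + 18, (uint32_t)w);
    wr32(buf + 22, (uint32_t)h);
    wr16(buf + 26, 1);
    wr16(buf + 28, bpp);
    wr32(buf + 30, 0);                  /* BI_RGB, no compression */
    return validate_bmp_logo(buf, len);
}

int main(void)
{
    /* 2x2 at 24 bpp: row stride 8, image 16 bytes, so 54+16 = 70 bytes is exact. */
    printf("valid 2x2        -> %d\n", validate_constructed(2, 2, 54, 24, 70, 0));
    printf("offset past end  -> %d\n", validate_constructed(2, 2, 1000, 24, 70, 0));
    printf("absurd width     -> %d\n", validate_constructed(0x7fffffff, 2, 54, 24, 70, 0));
    printf("truncated pixels -> %d\n", validate_constructed(2, 2, 54, 24, 62, 0));
    printf("bad magic        -> %d\n", validate_constructed(2, 2, 54, 24, 70, 1));
    return 0;
}
```

The two checks that matter most are the ones a careless parser skips: the pixel-data offset is compared against the bytes the firmware actually read, not against the size field inside the file, and the row and image sizes are computed in 64-bit before deciding whether the pixel data fits, so a large width cannot wrap the multiplication into a small, "safe-looking" value.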

K0balt | 2 years ago

But this makes the access persistent, and allows the removal of all evidence of the initial penetration, survives OS patching, vulnerability scanning, etc.

adrians1 | 2 years ago

Agree, it's a serious vulnerability, but it's not exploitable remotely.