Just about every Windows and Linux device vulnerable to new firmware attack
The exploit was developed by researchers, not actual hackers, so this is a vulnerability and not a threat yet. At some point soon the UEFI makers will be releasing some way to patch it - I guess you'd have to flash your motherboard, which is always a fun and anxiety-inducing experience.
Basically - you know how when you first boot up your computer, a logo of some kind pops up? Usually the motherboard manufacturer's logo, or a vendor's logo if you bought your computer pre-built. Well, that logo is an image file, and it can be replaced with an identical-looking one that can run arbitrary code. This is a problem because the instruction that displays the logo runs before almost anything else on your system, including firmware security routines.
---
There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.
In either case, the malicious logo causes the UEFI to execute attacker-created code during the all-important DXE phase each time the device boots. By executing code in this early stage, when most of the system initialization is performed, an exploit hijacks all execution flow that follows, allowing it to bypass security defenses such as Secure Boot and hardware-based verified boot mechanisms such as Intel Boot Guard, AMD Hardware-Validated Boot, or ARM TrustZone-based Secure Boot.
Depending on how the UEFI is configured, a simple copy/paste command, executed either by the malicious image or with physical access, is in many cases all that’s required to place the malicious image into what’s known as the ESP, short for EFI System Partition, a region of the hard drive that stores boot loaders, kernel images, and any device drivers, system utilities, or other data files needed before the main OS loads.
There are major benefits to this approach. One is that no executable code ever touches the hard drive, a technique known as fileless malware that hampers detection by antivirus and other types of endpoint protection software. Another benefit: Once the image is in place, it ensures a device remains infected even when an operating system is reinstalled or the main hard drive is replaced.
Awesome...
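As an added example, not code from the article or from the post above and not LogoFAIL exploit code: the article says the malicious image is simply copied into the ESP, so a practitioner's first check is an inventory of what image files the ESP actually holds. The POSIX shell functions below walk a mounted ESP, identify files by their leading bytes (BMP, PNG, JPEG, GIF, the formats firmware image parsers handle) rather than by extension, and print a type, SHA-256 and path line for each so the list can be diffed against a baseline taken from a known-good machine. Function names, the `/mnt/esp` mount point and the constructed sample files are assumptions; real logo file names and locations are vendor-specific.

```shell
#!/bin/sh
# Added illustration, not from the article: inventory image files on a mounted ESP.
# Assumes a POSIX shell with find, head, od, tr, cut and sha256sum or shasum.

# SHA-256 of one file, using whichever tool the host provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print "TYPE SHA256 PATH" for every regular file under $1 whose first bytes
# match a boot-logo image format. Matching on magic bytes, not on the file
# extension, so a renamed image still shows up.
scan_esp_images() {
    dir="$1"
    find "$dir" -type f | while IFS= read -r f; do
        magic=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
        case "$magic" in
            424d*)            kind=BMP ;;   # "BM"
            89504e470d0a1a0a) kind=PNG ;;   # \x89 P N G \r \n \x1a \n
            ffd8ff*)          kind=JPEG ;;  # SOI marker
            47494638*)        kind=GIF ;;   # "GIF8"
            *)                continue ;;
        esac
        printf '%s %s %s\n' "$kind" "$(hash_file "$f")" "$f"
    done
}

# Number of image files found under $1.
count_esp_images() {
    scan_esp_images "$1" | wc -l | tr -d ' '
}

# Lines from a fresh scan of $2 that do not appear in the baseline file $1
# (a baseline is just the saved output of scan_esp_images from a trusted host).
esp_images_changed() {
    scan_esp_images "$2" | grep -v -x -F -f "$1"
}

# Example invocation (assumed mount point): scan whatever directory is given.
#   mount -o ro /dev/nvme0n1p1 /mnt/esp
#   sh esp_logo_scan.sh /mnt/esp > esp-images.txt
if [ $# -gt 0 ]; then
    scan_esp_images "$1"
fi
```

Mount the ESP read-only for the scan, and treat any image that is not in the vendor's baseline, or whose hash has changed, as something to pull for analysis. This only covers the ESP variant the article describes; on boards where the logo is stored inside the firmware image in SPI flash, the disk scan sees nothing and a firmware dump is needed instead.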