New Phoenix UEFI firmware flaw threatens numerous Intel chips, echoing BlackLotus concerns


Can't catch a break: Remember BlackLotus? A similar new vulnerability has now appeared, and it could be the next big headache for Intel-based devices, including those based on the latest Raptor Lake platform. It affects the UEFI firmware, potentially giving attackers a backdoor to wreak havoc on vulnerable PCs.

The flaw (CVE-2024-0762, with a reported CVSS score of 7.5) was discovered in the Phoenix SecureCore UEFI firmware by cybersecurity firm Eclypsium, which identified it on Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen devices. Further investigation revealed that the vulnerability affects SecureCore firmware for a range of Intel CPUs, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake.

That is every “Lake” released so far, so large numbers of models from major manufacturers such as Lenovo, Dell, Acer, and HP could be impacted.

The vulnerability is essentially a buffer overflow bug found in the firmware’s Trusted Platform Module (TPM) configuration, which lets attackers escalate privileges and gain code execution within the UEFI firmware during runtime. By overwriting adjacent memory with carefully crafted data, attackers can elevate privileges and gain code execution capabilities within the firmware, enabling them to install bootkit malware.

“To be clear, this vulnerability lies in the UEFI code handling TPM configuration – in other words, it doesn’t matter if you have a security chip like a TPM if the underlying code is flawed,” clarifies Eclypsium.

Such low-level exploits are becoming increasingly common in the wild, providing bad actors with persistent access to devices and the means to work around higher-level security measures in the OS and software layers.

UEFI firmware is generally considered more secure because of Secure Boot, a feature supported by modern operating systems like Windows, macOS, and Linux. But the discovery of this vulnerability highlights the growing trend of targeting UEFI bugs to create malicious bootkits. These bootkits, such as BlackLotus, CosmicStrand, and MosaicRegressor, load early in the UEFI boot process, granting attackers low-level access to the system. This makes detection extremely difficult.

In response to this discovery, Eclypsium coordinated with Phoenix and Lenovo to address the flaw. Lenovo has already released firmware updates for affected devices, and customers are advised to consult their respective vendors for the latest firmware updates. However, it is important to note that not all models have firmware updates available at the time of writing, with many planned for release later this year.

If you are an Intel user, it is crucial to update your BIOS as soon as possible. But before diving in headfirst, be sure to back up your important data and the original BIOS, just in case things go sideways during the update process.

Meanwhile, Phoenix Technologies disclosed the vulnerability in May, saying that mitigations had been released as early as April. “Phoenix Technologies strongly recommends customers to update their firmware to the latest version and contact their hardware vendor as soon as possible to prevent any potential exploitation of this flaw,” it said.
