Cybersecurity researchers have recently discovered a security flaw in Phoenix SecureCore UEFI Firmware that affects multiple families of Intel Core processors. This vulnerability, known as CVE-2024-0762, allows for buffer overflow that could lead to malicious code execution in the Trusted Platform Module (TPM) configuration. This flaw can be exploited by a local attacker to gain escalated privileges within the UEFI firmware during runtime.
Supply chain security firm Eclypsium highlighted the seriousness of this vulnerability, stating that it could provide attackers with continuous persistence in a device and the ability to evade higher-level security measures. Fortunately, Phoenix Technologies addressed the vulnerability in April 2024, and Lenovo has also released updates to mitigate the risk on affected devices.
UEFI, which stands for Unified Extensible Firmware Interface, is used in place of BIOS to initialize hardware components and load the operating system during startup. Due to its high level of privileges, UEFI has become a prime target for threat actors seeking to deploy bootkits and firmware implants to compromise device security and maintain persistence without detection. Vulnerabilities in UEFI firmware pose a significant risk to the supply chain as they can impact multiple products and vendors simultaneously.
Eclypsium also recently revealed a similar unpatched buffer overflow flaw in HP’s UEFI implementation affecting the HP ProBook 11 EE G1. This development comes on the heels of a software attack targeting TPM GPIO Reset, which could be used by attackers to access sensitive data stored on a disk or circumvent security controls protected by the TPM.
Overall, the discovery of vulnerabilities in UEFI firmware underscores the importance of robust security measures in place to protect against potential threats. As firmware continues to serve as a valuable target for cybercriminals, it is crucial for manufacturers and users alike to stay vigilant and implement timely updates to mitigate the risks posed by such vulnerabilities.
Article Source
https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html
