New vulnerability in Phoenix UEFI firmware puts many Intel chips at risk, echoing worries raised by BlackLotus

New vulnerability in Phoenix UEFI firmware puts many Intel chips at risk, echoing worries raised by BlackLotus


A new vulnerability has been discovered in Intel-based devices, including those using the latest Raptor Lake platform, that could allow attackers to gain unauthorized access to PCs through UEFI firmware. The flaw, known as CVE-2024-0762, was identified by cybersecurity firm Eclypsium in the Phoenix SecureCore UEFI firmware on Lenovo ThinkPad X1 Carbon 7th Generation and X1 Yoga 4th Generation devices. Further investigation revealed that the vulnerability affects a wide range of Intel CPUs, impacting models from major manufacturers such as Lenovo, Dell, Acer, and HP.

The vulnerability is a buffer overflow bug found in the Trusted Platform Module (TPM) configuration of the firmware, allowing attackers to escalate privileges and gain code execution within the UEFI firmware. By carefully crafting data to overwrite adjacent memory, attackers can install bootkit malware, granting them low-level access to the system early in the UEFI boot process. This makes detection difficult and poses a significant threat to device security.

Despite UEFI firmware being considered more secure due to features like secure boot supported by modern operating systems, the discovery of this vulnerability highlights the risks associated with UEFI bugs. Criminals can exploit these bugs to create malicious bootkits like BlackLotus, CosmicStrand, and MosaicAggressor, providing them with persistent access to devices and bypassing higher-level security measures.

In response to the discovery, Eclypsium worked with Phoenix and Lenovo to address the flaw. Lenovo has released firmware updates for affected devices, and customers are advised to check for the latest updates from their respective carriers. However, not all models have updates available yet, with some planned for release later this year. Intel users are urged to update their BIOS to protect against the vulnerability, while also taking precautions to back up important files and the original BIOS in case of issues during the flashing process.

Phoenix Technologies acknowledged the vulnerability in May and recommended customers update their firmware to the latest version to avoid exploitation. Mitigations were published in April, emphasizing the importance of timely updates to mitigate the risks associated with the vulnerability.

Overall, the emergence of this new vulnerability highlights the ongoing challenge of securing Intel-based devices against potential threats to UEFI firmware. Collaboration between cybersecurity firms, hardware vendors, and users is essential to address and prevent such vulnerabilities effectively. Users are urged to stay informed about security updates and take proactive steps to protect their devices from potential attacks.

Article Source
https://www.techspot.com/news/103509-new-phoenix-uefi-firmware-flaw-threatens-numerous-intel.html