New Security Flaw in UEFI Affects Millions of PCs
...A new vulnerability dubbed LogoFAIL has been uncovered and documented by researchers. It's an issue in the Unified Extensible Firmware Interface (UEFI), the piece of software that's responsible for booting most Windows and Linux computers, or what you would usually call a BIOS on modern devices.
...The attack comprises two dozen vulnerabilities in image parsers within UEFIs, thus affecting nearly all x64 and ARM CPU ecosystems.
... LogoFAIL targets logos displayed on the device screen during the early boot process, exploiting vulnerabilities in image parsers to replace legitimate logos with infected files. This manipulation allows the execution of arbitrary code during the Driver Execution Environment (DXE) phase, compromising platform security
...LogoFAIL can be executed remotely and bypass traditional protections such as Secure Boot and Intel's Secure Boot.
...Notably, Mac computers are not affected—the vulnerability doesn't work on Intel Macs, and Apple Silicon Macs don't use UEFI at all.
