Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
UEFICANHAZBUFFEROVERFLOW: Lenovo’s Race to Patch Major UEFI Vulnerability
A new vulnerability, UEFICANHAZBUFFEROVERFLOW, impacts Phoenix SecureCore UEFI firmware, affecting various Intel CPUs. Discovered by Eclypsium, it could allow code execution on Lenovo, Dell, Acer, and HP devices. Lenovo has started releasing firmware updates to address this flaw.
Hot Take:
Just when you thought your laptop’s biggest threat was a spilled coffee, along comes ‘UEFICANHAZBUFFEROVERFLOW’ to remind us all that even the most secure firmware can have its Achilles’ heel. Time to update those firmware versions, folks, or you might find your device has a new unwanted bootkit buddy!
Key Points:
- New vulnerability CVE-2024-0762, dubbed ‘UEFICANHAZBUFFEROVERFLOW,’ impacts Intel CPU-based devices.
- Flaw found in Phoenix SecureCore UEFI firmware’s TPM configuration.
- Potential for code execution and bootkit malware installation if exploited.
- Lenovo has released firmware updates; other manufacturers like Dell, Acer, and HP are also affected.
- Eclypsium discovered the bug and worked with Phoenix and Lenovo for a patch.
Already a member? Log in here