Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

Cybersecurity researchers have published details of a now-fixed security vulnerability in Phoenix SecureCore UEFI firmware that affects several versions of Intel Core desktop and mobile CPUs.

The “UEFIcanhazbufferoverflow” vulnerability, tracked as CVE-2024-0762 (CVSS score: 7.5), is described as a buffer overflow that stems from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration and could result in the execution of malicious code.

According to a report shared with The Hacker News by supply chain security company Eclypsium, the vulnerability enables a local attacker to escalate privileges and obtain code execution within the UEFI firmware during runtime.

Firmware backdoors such as BlackLotus are known to engage in this kind of low-level exploitation and are increasingly seen in the wild.
