Tag: Phoenix SecureCore UEFI firmware

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
News

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

Details of a security vulnerability in Phoenix SecureCore UEFI firmware that has been fixed and impacts several versions of Intel Core desktop and mobile CPUs have been made public by cybersecurity experts. The "UEFIcanhazbufferoverflow" vulnerability, identified as CVE-2024-0762 (CVSS score: 7.5), is characterized as a buffer overflow that arises from the usage of an unsafe variable in the configuration of the Trusted Platform Module (TPM) and has the potential to execute malicious code. According to a research released with The Hacker News by supply chain security company Eclypsium, the vulnerability enables a local attacker to escalate privileges and obtain code execution within the UEFI firmware during runtime. Firmware backdoors, such as BlackLotus, are known to engage in th...