Communications of the ACM

Home/News/Researchers Disclose Widespread Bootloader Vulnerability/Full Text

ACM TechNews

Researchers Disclose Widespread Bootloader Vulnerability

By Federal Computer Week
August 5, 2020
Comments

View as: Print Mobile App Share:

Researchers at enterprise device security company Eclypsium say they have found a new buffer flow vulnerability during the booting process that could affect potentially billions of Linux and Windows-based devices.

Credit: fcw.com

Researchers at enterprise device security company Eclypsium reported a buffer-flow flaw during booting that could potentially compromise billions of Linux and Windows-based computing devices.

The vulnerability affects devices and operating systems employing signed versions of the open source GRUB2 bootloader software used in most Linux systems, and systems or devices utilizing the Secure Boot root firmware interface with Microsoft's standard third-party certificate authority.

The researchers said, "If this process is compromised, attackers can control how the operating system is loaded and subvert all higher-layer security controls."

Bypassing the boot process could give attackers persistent, cloaked root-level access free of temporary credentials or access privileges.

From Federal Computer Week
View Full Article

No entries found

Researchers Disclose Widespread Bootloader Vulnerability

Humanoid Robot Acts Out Prompts Like It's Playing Charades

U.S. Copyright Office's Questions about Generative AI

Tokenomy of Tomorrow: Envisioning an AI-Driven World