"UEFI Vulnerabilities Enable Stealth Malware Attacks and Secure Boot Bypass on Millions of PCs"

Multiple vulnerabilities in the Unified Extensible Firmware Interface (UEFI) code, collectively known as LogoFAIL, have been discovered, allowing threat actors to deliver malicious payloads and bypass security technologies. By injecting a malicious logo image file into the EFI system partition, attackers can bypass security solutions and deliver persistent malware during the boot phase. The vulnerabilities affect both x86 and ARM-based devices and major independent firmware/BIOS vendors (IBVs) like AMI, Insyde, and Phoenix, impacting a wide range of consumer and enterprise-grade devices. These flaws highlight the need for improved code quality and product security maturity in IBVs reference code.