"UEFI Vulnerabilities Pose Widespread Threat to Computer Security"
Originally Published 2 years ago — by The Hacker News
Multiple security vulnerabilities dubbed PixieFail have been disclosed in the TCP/IP network protocol stack of the open-source reference implementation of the UEFI specification, impacting UEFI firmware from major vendors. These flaws could lead to remote code execution, denial-of-service attacks, DNS cache poisoning, and data leakage. The vulnerabilities, identified by Quarkslab, are present in the TianoCore EFI Development Kit II (EDK II) and could be exploited by attackers within the local network or remotely, depending on the firmware build and default PXE boot configuration.