SpywareHammer General Issues Forums => Current News => Topic started by: Bugbatter on April 15, 2018, 12:08:41 PM

Title: Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware
Post by: Bugbatter on April 15, 2018, 12:08:41 PM

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory a mandatory component used during the boot-up process.

According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."

Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."

Continued: https://www.bleepingcomputer.com/news/security/intel-spi-flash-flaw-lets-attackers-alter-or-delete-bios-uefi-firmware/