Hundreds of computer models are affected by a Secure Boot issue that can allow attackers to run malicious code during the device’s boot process, according to firmware and software supply chain security company Binarly.
The vulnerability, named PKfail, stems from an exposed American Megatrends International (AMI) Platform Key (PK), the private key at the root of the Secure Boot trust chain. The exposed PK was a default test key supplied by AMI that was never meant to be used in production.
However, several major computer manufacturers failed to change the PK and shipped many devices with the untrusted key.
With this key, which was exposed in a recent data leak, attackers with access to a device affected by PKfail can sign malicious code and bypass Secure Boot. This can enable them to deliver UEFI bootkits, such as BlackLotus.
“Exploiting PKfail allows attackers to run untrusted code during the boot process, even with Secure Boot enabled. This compromises the entire security chain, from firmware to the operating system,” Binarly warned.
Binarly has scanned an internal dataset of tens of thousands of UEFI firmware images and found that hundreds of device models from Dell, HP, Lenovo, Fujitsu, Supermicro and others are impacted.
“The first firmware vulnerable to PKfail was released back in May 2012, while the latest was released in June 2024. Overall, this makes this supply-chain issue one of the longest-lasting of its kind, spanning over 12 years,” the security firm explained.
Supermicro said in an advisory that it has fixed the vulnerability. Dell, which has directly worked with Binarly on this issue, has also addressed PKfail in its products. HP, Lenovo and Fujitsu all told Ars Technica that none of their supported products are impacted.
Binarly has released a tool that enables users to determine whether they are affected by PKfail.
The company has also published videos showing a PKfail attack against both Windows and Linux systems.
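As an added illustration of the kind of check such a tool performs (this is not Binarly's code), the script below parses the Secure Boot PK variable as Linux exposes it under efivars and looks for the "DO NOT TRUST" / "DO NOT SHIP" marker strings that AMI placed in the subject of its test keys; the marker strings, the efivars path and the fixture bytes are assumptions, and the sample variables are constructed in-line.

```python
import struct
import uuid

# Linux efivars prefixes each variable's data with a 4-byte attributes word.
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Subject markers found in AMI's default/test Platform Keys (assumption, not from the article).
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(data: bytes):
    """Yield (signature_type, owner_guid, signature_data) from chained EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])  # EFI_SIGNATURE_DATA.SignatureOwner
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def pk_is_untrusted(var_bytes: bytes) -> bool:
    """True if any X.509 entry in the PK variable carries an AMI test-key marker."""
    for sig_type, _owner, cert in parse_signature_lists(var_bytes[4:]):  # skip attributes
        if sig_type == EFI_CERT_X509_GUID and any(m in cert for m in UNTRUSTED_MARKERS):
            return True
    return False


def build_pk_variable(cert_der: bytes) -> bytes:
    """Constructed fixture: wrap a (fake) certificate blob as a one-entry PK efivar."""
    sig_size = 16 + len(cert_der)
    body = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
    body += uuid.UUID(int=0).bytes_le + cert_der
    return struct.pack("<I", 0x27) + body  # NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE


# Constructed stand-ins; a real PK entry holds a DER-encoded X.509 certificate.
FAKE_TEST_PK = b"\x30\x82 CN=DO NOT TRUST - AMI Test PK"
FAKE_OEM_PK = b"\x30\x82 CN=Example OEM Platform Key"

if __name__ == "__main__":
    with open(PK_EFIVAR, "rb") as f:
        print("PK carries AMI test-key marker (PKfail-affected):", pk_is_untrusted(f.read()))
```

The marker search is a heuristic; a firmware that ships the AMI test key but under a re-labelled certificate would need a fingerprint comparison instead.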