Forum - Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware
News Fetcher
Joined: Oct 24 2009
Last Active: Never/Not tracked
Total Active: Never/Not tracked
Timezone: GMT+ -7
136508 posts
Last Page Viewed:
Post 145509       April 15 '18 at 12:20 PM
By msmash from Slashdot's fixed,-next department:
Catalin Cimpanu, writing for BleepingComputer: Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory -- a mandatory component used during the boot-up process [1, 2, 3]. According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."