Binarly CEO Alex Matrosov discusses the LogoFAIL set of vulnerabilities that allow attackers to store malicious logo images either on the EFI System Partition (ESP) or inside unsigned sections of a firmware update. When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms (like Intel Boot Guard, AMD Hardware-Validated Boot or ARM TrustZone-based Secure Boot).
Chapters:
00:00 - Title
00:04 - What is LogoFAIL?
00:53 - Why is this significant?
01:51 - How did Binarly disclose LogoFAIL?
03:03 - What steps can be taken to mitigate the risks associated with LogoFAIL?
04:01 - When will full details about LogoFAIL be available?
04:29 - How Binarly can detect these vulnerabilities?
More details: [ Ссылка ]
Follow Alex on X: [ Ссылка ]
Follow Binarly on X: [ Ссылка ]
Subscribe to Binarly's YouTube Channel: [ Ссылка ]
[ Ссылка ]
#Binarly
