The binarly post[0] (submitted by @skilled 2 days ago /w no comments and little upvote love) is a cleaner source[1] and just as easy to read. This seems to be a bit of a rewrite, bit of a copy/paste (images straight from binarly). The vulnerability was published a week ago, this article implies it was disclosed today.
I read this comment because I saw some other moderation duty comments and looked at your history. I don't think you should use the word "thither" for transactional comments. It is correct here, I think, but it's somewhat archaic English.
Maybe "over there" or "to that one"? Your way is not wrong, but many will miss the point.
> Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw.
I don't get the point of this. Any vulnerability that requires local access can be exploited if you first get remote code execution through another vulnerability. Also, exploiting the browser or the media player doesn't give you admin privileges, you need another privilege escalation exploit for that.
But this makes the access persistent, and allows the removal of all evidence of the initial penetration, survives OS patching, vulnerability scanning, etc.
- it bypasses all forms of secure boot by getting code exec at the earliest of stages in the boot chain of trust
- the disassemblies show that the bios vendors did not even remotely try to make the parser secure. it is a joke. and if an image parser is that bad, I can’t even imagine the quality of usb or network stacks
9 comments
[ 3.2 ms ] story [ 32.0 ms ] thread[0]: https://binarly.io/posts/The_Far_Reaching_Consequences_of_Lo... [1]: https://news.ycombinator.com/item?id=38515571
Submitters: "Please submit the original source. If a post reports on something found on another site, submit the latter." - https://news.ycombinator.com/newsguidelines.html
Maybe "over there" or "to that one"? Your way is not wrong, but many will miss the point.
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
I don't get the point of this. Any vulnerability that requires local access can be exploited if you first get remote code execution through another vulnerability. Also, exploiting the browser or the media player doesn't give you admin privileges, you need another privilege escalation exploit for that.
- the persistence that’s nearly perfect
- an av cannot detect it ever
- it bypasses all forms of secure boot by getting code exec at the earliest of stages in the boot chain of trust
- the disassemblies show that the bios vendors did not even remotely try to make the parser secure. it is a joke. and if an image parser is that bad, I can’t even imagine the quality of usb or network stacks