UEFI Secure Boot: Not so secure


Video

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

ESET researchers have uncovered a vulnerability that, if exploited, would allow bad actors to circumvent UEFI Secure Boot and deploy malicious UEFI bootkits such as Bootkitty or BlackLotus on vulnerable systems. Tracked as CVE-2024-7344, the security flaw affects most UEFI-based systems and its exploitation would lead to the execution of untrusted code during the system startup process – even where UEFI Secure Boot is enabled and regardless of the operating system installed. The affected UEFI application is part of seven system recovery programs.

What else should you know about the vulnerability and what can you do to ensure your systems are safe? Hear from ESET Chief Security Evangelist Tony Anscombe and make sure to read the full blogpost detailing the discovery.

Connect with us on Facebook, X, LinkedIn and Instagram.



Recent Articles

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here