Monthly Archives: August 2022
GLSA 202208-25: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
GLSA 202208-20: Apache HTTPD: Multiple Vulnerabilities
GLSA 202208-21: libebml: Heap buffer overflow vulnerability
GLSA 202208-22: xterm: Multiple Vulnerabilities
Friday Squid Blogging: SQUID Acronym for Making Conscious Choices
I think the U is forced:
SQUID consists of five steps: Stop, Question, Understand, Imagine, and Decide.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
New exploits can bypass Secure Boot and modern UEFI security protections
Two teams of researchers have revealed vulnerabilities this week in Unified Extensible Firmware Interface (UEFI) implementations and bootloaders that could allow attackers to defeat the secure boot defenses of modern PCs and deploy highly persistent rootkits.
Researchers from firmware and hardware security firm Eclypsium published a report on vulnerabilities they found in three third-party bootloaders that are digitally signed by Microsoft’s root of trust. They can be deployed on PCs as a replacement for the OS bootloader to support pre-boot capabilities for specialized enterprise software such as PC hardware diagnostics, disk rollback, or full disk encryption.
CVE-2021-29118
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user.
CVE-2021-29117
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.
CVE-2021-29112
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user.