LogoFAIL attack can inject malware in the firmware of many computers

Researchers from security firm Binarly have discovered vulnerabilities in UEFI firmware used by computer manufacturers, such as Intel, Acer, and Lenovo, that could allow attackers to deploy stealthy rootkits at the early stages of the boot-up process. The ‘LogoFAIL’ attack involves planting malicious images in a special partition on the computer drive or in firmware regions not protected by security features. The research team identified 29 issues in image parsers used in Insyde, AMI, and Phoenix firmware, 15 of which could be exploited for arbitrary code execution.