Slashdot Mirror


Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: Intel has addressed a vulnerability in the configuration of several CPU series that allows an attacker to alter the behavior of the chip's SPI Flash memory -- a mandatory component used during the boot-up process [1, 2, 3]. According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."

3 of 46 comments

  1. Re:Not another.. by gweihir · Score: 3, Insightful

    Industry-wide patching it is. And now that security researchers are finally looking at hardware again, expect more of these. For one thing is sure: Intel has been doing an exceptionally bad job the last decade or so, possibly because they believed they had won the game.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Please bring back BIOS update jumpers by Anonymous Coward · Score: 1, Insightful

    I am tired of having to rely on software security measures that will inevitably not work. Give me a fucking switch to turn off write access in hardware. The IT industry sucks.

    1. Re: Please bring back BIOS update jumpers by Anonymous Coward · Score: 3, Insightful

      Speakers attached to an external amplifier can't be abused as microphones.