A zero-day software vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a computer. Pedro Vilaca wrote that the flaw he found builds on previous ones but this one could be far more dangerous.
Vilaca found it was possible to tamper with an Apple computer's UEFI, a firmware designed to improve upon BIOS, which is low-level code that bridges a computer's hardware and operating system at startup. The UEFI code is typically sealed off from users. But Vilaca wrote that he found the code is unlocked after a computer goes to sleep and reawakens, allowing it to be modified.Read more
We are very used to dividing the concept of IT security into two unequal subcategories, hardware- and software-centric. The hardware is usually considered relatively safe and clean — as opposed to software which is usually the layer suffering from bugs and malware.
This value system has been functioning for quite a while, however lately it has been showing signs of changing. Certain firmware responsible for managing discrete hardware components has been getting increasingly complex and is subject to vulnerabilities and exploits. Let’s review the top 5 dangerous hardware vulnerabilities that have recently been found in today’s PCs.Read more
Millions of flawed BIOSes can be infected using simple two-minute attacks that don't require technical skills and require only access to a PC to execute. BIOS have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, persistence and stealth.
Because almost no one patches their BIOSes, almost every BIOS is affected by at least one vulnerability, and can be infected. The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable. The point is more how the vendors' fixes are going un-applied by users, corporations, and governments.Read more
«Kaspersky Lab” found that the imperfect implementation of the network protocol used by the product of Absolute Computrace Absolute Software, can become a kind of “Archimedean lever” and useful software to transform into a powerful tool intruders.
This software is capable of potentially open defect cybercriminals access to millions of computers around the world – and as a key in this case, perform a software agent Absolute Computrace, stored in the BIOS firmware of modern computers and laptops. Analyze this feature security software specialists Absolute Software “Kaspersky Lab” began after found that Absolute Computrace software agent is working on a number of computers without prior authorization.Read more