The Binarly research team has discovered a set of security vulnerabilities called LogoFAIL that affect image parsing libraries used in system firmware during the device boot process. These vulnerabilities impact major device manufacturers on both x86 and ARM-based devices, rendering security measures like Secure Boot ineffective. The vulnerabilities allow attackers to store malicious logo images in the firmware, which can be triggered during boot to execute a malicious payload and bypass security technologies. LogoFAIL differs from previous threats like BlackLotus and BootHole because it exploits runtime integrity and security measurements rather than modifying the bootloader or firmware component. Many consumer and enterprise devices from vendors like Intel, Acer, and Lenovo are potentially vulnerable. Binarly’s binary code analysis technology can identify these vulnerabilities in firmware and provide actionable incident response. The full technical details of LogoFAIL will be presented at the Black Hat Europe conference.
https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/