Friday , 21 September 2018
Home » NEWS » TOP 10 STORIES » Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory —a mandatory component used during the boot-up process [123]. According to Lenovo, who recently deployed the Intel fixes, “the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware.” Lenovo engineers say “this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution.”

View full story

ORIGINAL SOURCE: Bleeping Computer

About Japonica Jackson

Japonica is head of editorial at IT Security Guru. If you'd like to get in touch with Japonica, please email editor@itsecurityguru.org.