3 matches found
Insyde InsydeH2O permission permission and access control issues vulnerability (CNVD-2022-10274)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware is vulnerable to permission and access control issues, which can be...
Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware
LAS VEGAS – Researchers said they found buffer overflow flaws in the firmware for ASRock and ASUS, potentially enabling bad actors to remotely launch man-in-the-middle MITM attacks. The findings, which will be presented Wednesday at Black Hat USA this week by researchers from Eclypsium, show that...
Secure Boot in Windows 8 Worries Researchers
Windows 8, like Windows 7 and Vista before it, is being touted as the most secure version of Windows ever. In past releases, many of the security improvements have come through exploit mitigations such as ASLR and DEP and better software security practices during development. In Windows 8, howeve...