"PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models"

According to Binarly, there is a Secure Boot issue affecting hundreds of computer models. The vulnerability, called "PKfail," enables attackers to run malicious code during the device's boot process. It stems from an exposed American Megatrends International (AMI) Platform Key (PK), a Secure Boot private key. The exposed PK was a default key provided by AMI and was not meant for use in production. However, several major computer manufacturers shipped many devices with the untrusted key as they did not change the PK. The key, exposed in a recent data leak, allows attackers with access to a device affected by PKfail to sign malicious code and evade Secure Boot. Through this, they can deliver UEFI bootkits, such as "BlackLotus." This article continues to discuss findings regarding the PKfail vulnerability.

SecurityWeek reports "PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models"

Submitted by grigby1