New Flaw in Acer Laptops Might Let Attackers Disable Safe Boot Safety

New Flaw in Acer Laptops Might Let Attackers Disable Safe Boot Safety
New Flaw in Acer Laptops Might Let Attackers Disable Safe Boot Safety

Nov 29, 2022Ravie Lakshmanan

Acer has launched a firmware replace to handle a safety vulnerability that may very well be doubtlessly weaponized to show off UEFI Safe Boot on affected machines.

Tracked as CVE-2022-4020, the high-severity vulnerability impacts 5 completely different fashions that include Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

The PC maker described the vulnerability as a problem that “could permit modifications to Safe Boot settings by creating NVRAM variables.” Credited with discovering the flaw is ESET researcher Martin Smolár, who beforehand disclosed comparable bugs in Lenovo computer systems.

Disabling Safe Boot, an integrity mechanism that ensures that solely trusted software program is loaded throughout system startup, allows a malicious actor to tamper with boot loaders, resulting in extreme penalties.

This consists of granting the attacker full management over the working system loading course of in addition to “disable or bypass protections to silently deploy their very own payloads with the system privileges.”

UPCOMING WEBINAR

Zero Belief + Deception: Be taught The best way to Outsmart Attackers!

Uncover how Deception can detect superior threats, cease lateral motion, and improve your Zero Belief technique. Be part of our insightful webinar!

Save My Seat!

Per the Slovak cybersecurity firm, the flaw resides in a DXE driver referred to as HQSwSmiDxe.

The BIOS replace is anticipated to be launched as a part of a vital Home windows replace. Alternatively, customers can obtain the fixes from Acer’s Assist portal.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.


Supply By https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html

Related posts