An issue exists in certain Apple products. macOS prior to 10.13.5 is affected. The issue involves the "Firmware" component. It allows malicious users to modify the EFI flash-memory region that a crafted app that has root access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
Slack motherboard firmware controls leave machines open to deep-rooted malware
Updated Gaming PC specialist Razer has been singled out for leaving its motherboards vulnerable to a well-known and critical firmware vulnerability. Infosec bod Bailey Fox said Razer's Intel notebook models are still vulnerable to CVE-2018-4251, a security screw-up that potentially allows malware with administrative rights to alter the system's firmware, thus allowing it to burrow deep into the PC and survive reboots and hard drive wipes. The issue has been known about since last year, and has b...
Chipzilla's security through obscurity withers under scrutiny Intel Management Engine JTAG flaw proof-of-concept published
In its ongoing exploration of Intel's Management Engine (ME), security biz Positive Technologies has reaffirmed the shortsightedness of security through obscurity and underscored the value of open source silicon. The Intel ME, included on most Intel chipsets since 2008, is controversial because it expands the attack surface of Intel-based hardware. If compromised, it becomes side-channel threat to the main processor. The Electronic Frontier Foundation last year called it a security hazard and as...