Linux UEFI Shim Vulnerability Severe Exploitation of Obsolete Bootloaders

DedicatedLinux

ESET researchers identified 11 old and forgotten Linux UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party certificate authority, regardless of the installed operating system (OS). Reported shims can be exploited to execute untrusted code during system boot, enabling attackers to deploy malicious UEFI bootkits even on systems with UEFI Secure Boot enabled. LinuxSecurity – Security ArticlesRead More