'At the Hack in the Box conference in Amsterdam this week, researchers Peter Bosch and Trammell Hudson presented a new attack against the Boot Guard feature of Intel's reference UEFI implementation, known as Tianocore. The attack, which can give an attacker full, persistent access, involves replacing a PC's SPI flash chip with one that contains rogue code, reports Lucian Constantin for CSO. "Even though such physical attacks require a targeted approach and will never be a widespread threat, they can pose a serious risk to businesses and users who have access to valuable information," writes Constantin. Intel has patches available for Tianocore, but as we all remember from the Meltdown and Spectre vulnerabilities, distributing UEFI patches isn't an easy process.' -- source: https://it.slashdot.org/story/19/05/10/2335225 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/