D
DelJo63
The artical is at Arstechnica.com and you are encouraged to read the details yourself.
Physical access is required to make the hack so it's not going to reach in and grab you by the throat -- but you should be aware of it.
Physical access is required to make the hack so it's not going to reach in and grab you by the throat -- but you should be aware of it.
Boot Hole, as the researchers have named the vulnerability, stems from a buffer overflow in the way that GRUB2 parses text in grub.cfg, the boot loader’s main configuration file. By adding long text strings in the file, attackers can overfill the memory space allotted for the file and cause malicious code to spill into other parts of memory, where it then is executed.
The configuration file isn’t digitally signed, so Secure Boot won’t detect when it has been maliciously altered. GRUB2 also doesn’t use address space layout randomization, data execution prevention, and other anti-exploit protections that are standard in operating systems.
