Binarly showcases a new exploit dubbed "LogoFAIL" which represents a recently identified set of security vulnerabilities impacting diverse image parsing libraries within system firmware used in the device boot process by various vendors. Typically found within Independent BIOS Vendors (IBVs), these vulnerabilities affect products from major device manufacturers utilizing UEFI firmware in both consumer and enterprise-grade devices.
These vulnerabilities enable attackers to store malicious logo images either on the EFI System Partition (ESP) or within unsigned sections of a firmware update. During the boot process, logo images are parsed, subsequently leading to vulnerability exploitation with the execution of malicious code. This compromise may result in the circumvention of security features like Secure Boot, including hardware-based Verified Boot mechanisms, ultimately enhancing the malware's ability to evade detection and maintain persistence.