{"id":55085,"date":"2024-01-17T14:06:06","date_gmt":"2024-01-17T14:06:06","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35409\/New-UEFI-Vulnerabilities-Send-Firmware-Devs-Across-An-Entire-Ecosystem-Scrambling.html"},"modified":"2024-01-17T14:06:06","modified_gmt":"2024-01-17T14:06:06","slug":"new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/","title":{"rendered":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/GettyImages-1294855961-800x544.jpg\" alt=\"New UEFI vulnerabilities send firmware devs industry wide scrambling\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Nadezhda Kozhedub<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">62<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 12:single\/related:fe0d99ab5f1ead515e21936755c7560d --><!-- empty --><\/p>\n<p>UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user&#8217;s network to infect connected devices with malware that runs at the firmware level.<\/p>\n<p>The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly to public and private data centers and possibly other enterprise settings. People with even minimal access to such a network\u2014say a paying customer, a low-level employee, or an attacker who has already gained limited entry\u2014can exploit the vulnerabilities to infect connected devices with a malicious UEFI.<\/p>\n<p>Short for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Unified_Extensible_Firmware_Interface\">Unified Extensible Firmware Interface<\/a>, UEFI is the low-level and complex chain of firmware responsible for booting up virtually every modern computer. By installing malicious firmware that runs prior to the loading of a main OS, UEFI infections can\u2019t be detected or removed using standard endpoint protections. They also give unusually broad control of the infected device.<\/p>\n<h2>Five vendors, and many a customer, affected<\/h2>\n<p>The nine vulnerabilities that comprise PixieFail reside in <a href=\"https:\/\/en.wikipedia.org\/wiki\/TianoCore_EDK_II\">TianoCore EDK II<\/a>, an open source implementation of the UEFI specification. The implementation is incorporated into offerings from Arm Ltd., Insyde, AMI, Phoenix Technologies, and Microsoft. The flaws reside in functions related to IPv6, the successor to the IPv4 Internet Protocol network address system. They can be exploited in what\u2019s known as the PXE, or <a href=\"https:\/\/arstechnica.com\/security\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/link\">Preboot Execution Environment<\/a>, when it\u2019s configured to use IPv6.<\/p>\n<p>PXE, sometimes colloquially referred to as Pixieboot or netboot, is a mechanism enterprises use to boot up large numbers of devices, which more often than not are servers inside of large data centers. Rather than the OS being stored on the device booting up, PXE stores the image on a central server, known as a boot server. Devices booting up locate the boot server using the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Dynamic_Host_Configuration_Protocol\">Dynamic Host Configuration Protocol<\/a> and then send a request for the OS image.<\/p>\n<p>PXE is designed for ease of use, uniformity, and quality assurance inside data centers and cloud environments. When updating or reconfiguring the OS, admins need to do so only once and then ensure that hundreds or thousands of connected servers run it each time they boot up.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center full\"><img loading=\"lazy\" decoding=\"async\" alt=\"A diagram showing how PXE boot works when using IPv6.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/Network_Protocols_SNP_PXE_BIS-2.png\" width=\"622\" height=\"610\"><figcaption class=\"caption\">\n<div class=\"caption-text\">A diagram showing how PXE boot works when using IPv6.<\/div>\n<\/figcaption><\/figure>\n<p>By exploiting the PixieFail vulnerabilities, an attacker can cause servers to download a malicious firmware image rather than the intended one. The malicious image in this scenario will establish a permanent beachhead on the device that\u2019s installed prior to the loading of the OS and any security software that would normally flag infections.<\/p>\n<p>The vulnerabilities and <a href=\"https:\/\/github.com\/quarkslab\/pixiefail\">proof-of-concept code<\/a> demonstrating the presence of the vulnerabilities were developed by researchers from security firm Quarkslab, which <a href=\"https:\/\/blog.quarkslab.com\/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\">published<\/a> the findings Tuesday.<\/p>\n<p>The network presence required to exploit most of the vulnerabilities is relatively minor. Attackers need not establish their own malicious server or gain high-level privileges. Instead, the attacker only needs the ability to view and capture traffic as it traverses the local network. This kind of access may be possible when someone has a legitimate account with a cloud service or after first exploiting a separate vulnerability that gives limited system rights. With that, the attacker can then exploit PixieFail to plant a UEFI-controlled backdoor in huge fleets of servers.<\/p>\n<p>Quarkslab Chief Research Officer Iv\u00e1n Arce said in an interview:<\/p>\n<blockquote>\n<p>An attacker doesn&#8217;t need to have physical access neither to the client nor the boot server. The attacker just needs to have access to the network where all these systems are running and it needs to have the ability to capture packets and to inject packets or transmit packets. When the client-{based server] boots, the attacker just needs to send the client a malicious packet in the [request] response that will trigger some of these vulns. The only access that the attacker needs is access to the network, not physical access to any of the clients, nor to the boot server or DHCP server. Just capture packets or send packets in the network, where all these servers are running.<\/p>\n<\/blockquote>\n<p>For PixieFail to be exploited, PXE must be turned on. For the overwhelming number of UEFIs in use, PXE isn\u2019t turned on. PXE is generally used only in data centers and cloud environments for rebooting thousands or tens of thousands of servers. Additionally, PXE must be configured to be used in combination with IPv6 routing.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35409\/New-UEFI-Vulnerabilities-Send-Firmware-Devs-Across-An-Entire-Ecosystem-Scrambling.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55086,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[968],"class_list":["post-55085","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-17T14:06:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/GettyImages-1294855961-800x544.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling\",\"datePublished\":\"2024-01-17T14:06:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/\"},\"wordCount\":750,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg\",\"keywords\":[\"headline,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/\",\"name\":\"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg\",\"datePublished\":\"2024-01-17T14:06:06+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg\",\"width\":800,\"height\":544},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/","og_locale":"en_US","og_type":"article","og_title":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-01-17T14:06:06+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/03\/GettyImages-1294855961-800x544.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling","datePublished":"2024-01-17T14:06:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/"},"wordCount":750,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg","keywords":["headline,flaw"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/","url":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/","name":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg","datePublished":"2024-01-17T14:06:06+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/01\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling.jpg","width":800,"height":544},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflaw\/"},{"@type":"ListItem","position":3,"name":"New UEFI Vulnerabilities Send Firmware Devs Across An Entire Ecosystem Scrambling"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55085"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55085\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55086"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}