BootHole – GRUB2 vulnerability threatens secure boot (CVE-2020-10713):
– To be exploited, the attacker needs to modify the grub.cfg file first.
– If exploited, attackers can permanently access the system.
– Keep your operating system up-to-date.
@infosechandbook So who might bee the “bootable tool vendor who added custom code to perform a signature verification of the grub.cfg config file in addition to the signature verification performed on the GRUB2 executable”?
chaos.social – a Fediverse instance for & by the Chaos community