heise online

Bootloader U-Boot: Vulnerabilities allow bypassing the chain of trust

IT security researchers have discovered several security vulnerabilities in the Universal Boot Manager U-Boot. They allow attackers to circumvent the chain of trust and inject and execute arbitrary ...
GIGAZINE

Microsoft uses AI tool Security Copilot to discover unknown vulnerabilities in open source boot loaders such as GRUB2, U-Boot, and Barebox

Microsoft has reported that a new analysis method using its proprietary AI tool, Security Copilot, has found new vulnerabilities in open source boot loaders such as GRUB2, U-Boot, and barebox. This ...
Ars Technica

Lenovo patches secure boot vulnerabilities that imperil 25 notebook models

Hmmm, I'll probably get mass-downvoted for this opinion… but maybe UEFI is trying to do too much? Boot firmware is one of these things you leave well alone unless you really have an egregious problem ...
Bleeping Computer

Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass

Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating ...
Ars Technica

Lenovo driver goof poses security risk for users of 25 notebook models

More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a ...