Summary: A vulnerability in several trusted system recovery programs allows privileged attackers to inject malware into the UEFI startup process. The issue, identified as CVE-2024-7344, arises from the use of a custom loader in the “reloader.efi” file, enabling the loading of unsigned binaries. This flaw poses significant risks, as it can bypass UEFI Secure Boot protections, allowing persistent malware installation.
Threat Actor: Privileged attackers
Victim: Users of affected recovery software
Key points:
- Vulnerability allows malware injection into UEFI devices during startup.
- Seven recovery products are affected, using the “reloader.efi” file.
- Attackers can exploit the flaw by gaining administrator privileges to replace legitimate files with malicious ones.
Source: https://www.darkreading.com/vulnerabilities-threats/trusted-apps-bug-uefi-boot-process