Eclypsium researchers have discovered UEFI shells, authorized via Secure Boot, on Framework laptops. The UEFI shells contain capabilities that allow attackers to bypass Secure Boot on roughly 200,000 affected Framework laptops and desktops.
I really dislike this headline. A vulnerability was found, responsibly disclosed, and the vendor was responsive and is planning/pushing a fix. The headline drowns a successful mitigation in flowery language of controversy. The article also shows how this can happen on other vendor devices, but the headline here looks like just Framework messed up, when they’re the only vulnerable vendor with a fix in the pipeline (based on the info in the article). I really hate headline-bait journalism.
Titling choice probably fueled by their otherwise unrelated ongoing controversy, if I had to guess.
More blood for the blood god.