Security Notifications
With experts in UEFI firmware development across the globe, the Phoenix Security Team is dedicated to establishing and fortifying trust in firmware.
Phoenix Technologies SPI SMM Driver Vulnerability
Phoenix Technologies has been notified by IOActive researchers of a security issue in its SecureCore Technology SPI SMM Driver that could allow unauthorized access to the SPI flash on some platforms.
High Severity Vulnerability in HP PC BIOS
HP discovered a potential vulnerability in the BIOS of certain HP PC products that use AMI UEFI Firmware.
High Severity Vulnerability in Acer Notebook Devices
A vulnerability has been discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices, which may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.
The BlackLotus Campaign
Microsoft Incident Report | CVE-2022-21894
In April 2023, cybersecurity researchers at Microsoft identified a dangerous UEFI bootkit (CVE-2022-21894), dubbed “BlackLotus”. It operates at computer startup, compromising systems and disabling OS security mechanisms.
High Severity Vulnerability in Acer Aspire E5-475G BIOS
A stack overflow vulnerability has been found in the BIOS firmware of Aspire E5-475G laptops, which can allow local attackers to execute arbitrary code and gain escalated privileges during the boot process.
