Security Notifications
With experts in UEFI firmware development across the globe, the Phoenix Security Team is dedicated to establishing and fortifying trust in firmware.
Sunburst and SolarWinds Data Breach
Alert (AA20-352A) – US-Cert – CISA
In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.
WinFlash and WinFlash32 Drivers
In May 2019, Phoenix was contacted by researchers from Eclypsium about a security concern regarding our WinFlash and WinFlash32 drivers.
LoJax Rootkit
On September 27, 2018, security researchers from ESET publicly disclosed the discovery of a UEFI rootkit named “LoJax” that was “found in the wild.”
AMD Silicon (MASTERKEY, RYZENFALL, FALLOUT and CHIMERA)
CVE-2018-8930, CVE-2018-8931, CVE-2018-8932, CVE-2018-8933, CVE-2018-8934, CVE-2018-8935, CVE-2018-8936
On March 13, 2018, security researchers from CTS Labs publicly disclosed vulnerabilities discovered in certain AMD silicon, named MASTERKEY, RYZENFALL, FALLOUT, and CHIMERA. Phoenix’s UEFI firmware is not vulnerable to these attacks.
Meltdown and Spectre
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
A new class of security vulnerabilities, named Meltdown and Spectre, became public knowledge in early January 2018.