Acer driver flaw allows deploying malware during boot process


Acer devices are impacted by a driver vulnerability similar to an earlier discovered bug that affected several Lenovo computer models.

The bug affecting Acer devices allows deactivating UEFI Secure Boot, researchers at cybersecurity company ESET said. Acer, the multinational Taiwanese electronics maker, issued an advisory, telling users of affected devices to upgrade to the latest firmware.

“By disabling the Secure Boot feature, an attacker can load their own unsigned malicious bootloader to allow absolute control over the OS loading process. This can allow them to disable or bypass protections to silently deploy their own payloads with the system privileges,” Acer said in an advisory.

UEFI, short for Unified Extensible Firmware Interface, is used to kickstart the hardware of a computer before loading the operating system. The Secure Boot function ensures that no malicious code is loaded during the device’s boot process.

According to the researchers, the vulnerability (CVE-2022-4020) can be exploited by creating NVRAM (non-volatile random-access memory) variables. If the variable exists, ESET said in a tweet, the driver disables Secure Boot.
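Because the flaw ends with Secure Boot switched off, a defender can verify the resulting state directly from the standard UEFI variables. The following is an added example, not code from ESET or Acer: it parses the Linux efivarfs entries for `SecureBoot` and `SetupMode` (the efivarfs path and the global variable GUID are the standard ones, and the sample byte strings are constructed for illustration).

```python
import os
import struct

# EFI global variable GUID (UEFI spec); SecureBoot and SetupMode live under it.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"  # Linux efivarfs mount point

# Variable attribute bits defined by the UEFI spec.
ATTRS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}


def parse_efivar(raw):
    """An efivarfs file is a 4-byte little-endian attribute mask, then the data."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    names = [name for bit, name in ATTRS.items() if attrs & bit]
    return names, raw[4:]


def secure_boot_state(secure_boot_raw, setup_mode_raw):
    """Classify the platform from the raw SecureBoot and SetupMode entries."""
    _, sb = parse_efivar(secure_boot_raw)
    _, sm = parse_efivar(setup_mode_raw)
    if len(sb) != 1 or len(sm) != 1:
        raise ValueError("SecureBoot/SetupMode must each hold exactly one byte")
    if sm[0] == 1:
        return "setup-mode"  # no Platform Key enrolled, signatures not enforced
    return "enabled" if sb[0] == 1 else "disabled"


def read_var(name, base=EFIVARS_DIR):
    """Read one global-GUID variable from efivarfs as raw bytes."""
    with open(os.path.join(base, f"{name}-{EFI_GLOBAL_GUID}"), "rb") as fh:
        return fh.read()


# Constructed sample entries: attributes 0x6 (BS|RT) followed by one data byte.
SAMPLE_ENABLED = bytes([0x06, 0, 0, 0, 0x01])
SAMPLE_DISABLED = bytes([0x06, 0, 0, 0, 0x00])
SAMPLE_SETUP_OFF = bytes([0x06, 0, 0, 0, 0x00])

if __name__ == "__main__":
    live = os.path.join(EFIVARS_DIR, f"SecureBoot-{EFI_GLOBAL_GUID}")
    if os.path.exists(live):  # UEFI-booted Linux host with efivarfs mounted
        print(secure_boot_state(read_var("SecureBoot"), read_var("SetupMode")))
    else:  # fall back to the constructed samples
        print(secure_boot_state(SAMPLE_DISABLED, SAMPLE_SETUP_OFF))
```

A result of `disabled` or `setup-mode` on a machine that is expected to enforce Secure Boot is the condition to alert on, both before and after applying the vendor's firmware update.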

The flaw affects five Acer computer models: Acer Aspire A315-22, A115-21, A315-22G, Extensa EX215-21, and EX215-21G.

The flaw ESET discovered is almost identical to the one researchers discovered in Lenovo computers. The vulnerabilities Lenovo fixed earlier this month would have allowed threat actors to deactivate UEFI Secure Boot if exploited.

Flaws in the UEFI firmware impacted several popular Lenovo laptop models, such as Yoga, IdeaPad, and ThinkBook.

Earlier this year, ESET discovered that over 70 models of Lenovo notebook devices were fitted with vulnerable UEFI firmware. Buffer overflow vulnerabilities in the UEFI firmware allowed attackers to carry out arbitrary code execution (ACE) attacks and disable essential security features.

