Matthew Garrett ([personal profile] mjg59) wrote 2015-02-17 10:38 pm (UTC)

The GrayFish code that's been analysed will only attack MBR-based disks. GPT disks on BIOS systems can have arbitrary code injected into them as well, but Windows won't run on GPT disks on BIOS systems so it's not really worth targeting. UEFI systems don't read a boot sector off a GPT disk - they run a bootloader directly instead. Without Secure Boot it's straightforward to modify that bootloader. It *shouldn't* be possible to execute arbitrary code from the UEFI variable store, but obviously there's always the potential for parsing errors or buffer overflows that could do something nasty.
(50 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.