Monday, August 10, 09:37
Home security BootHole Bug: Affects all distributions with GRUB2 bootloader

BootHole Bug: Affects all distributions with GRUB2 bootloader

Recently, researchers from the company Eclypsium, discovered the new "BootHole" Bow, which affects all operating systems they use GRUB2 bootloader with Secure Boot.

Today, almost all of its different distributions Linux, as well as many of the devices with Windows, use the GRUB2 bootloader. According to researchers, hackers can gain almost full access to these devices, regardless of secure boot selection.

However, to be able to access systems, hackers must first gain administrative privileges before they can make changes to the Bootloader config. Of course, although administrative rights are needed, "BootHole" remains a serious problem, affecting a large percentage of users.

Therefore, many companies are already working with Eclypsium to remove "BootHole" from future distributions. Other companies, such as Red Hat, have already announced some security fixes for their products.

BootHole Bug: Affects all distributions with GRUB2 bootloader

At the same time, its development team Debian performs a complete check of the GRUB2 bootloader code. As Debian 10 "buster" is the first version that contains UEFI Secure Boot, the team wants to improve the bootloader of the operating system, before the release of version 10.5, which will come in early August.

In addition to the Debian development team, his team SUSE Linux has also made several improvements to the GRUB2 bootloader. According to Marcus Meissner, the "BootHole" bug has already been removed from all SUSE products Linux. Additionally, distributions include other enhancements, such as updates to kernel packages.

Of course, all known Linux distributions have already been updated. For example, Canonical has announced improved versions of it Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS and 20.04 LTS.

In addition to the "BootHole" bug, Eclypsium researchers have discovered some more vulnerabilities, known as CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706 and CVE-2020-15707. For the same reason, vulnerable distribution teams recommend that users update their operating systems immediately so that they can avoid future attacks.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


How to type in multiple languages ​​simultaneously on Android

People in today's world are very much addicted to smartphones. They provide access to many applications that can be used mainly ...

LucidPix: Make your photos 3D with this app!

Give a 3D format to your photos, with the LucidPix application, which is available in various versions for both Android and iPhone ...

Private or anonymous browsing: Does it guarantee your privacy on the Internet?

The term "private" is relevant, especially when it comes to private or anonymous browsing on the Internet, a setting in your web browser ...

Businesses: 8 types of cyber attacks to watch out for

Nowadays, all businesses, small and large must be on alert, as they can ...

How to reverse image search via Google?

The term "image search" is familiar to those who use search engines. It means that you are looking for an image related to a text that ...

Email tracking: How to be invisible in Gmail

Most people do not know what "email tracking" is, and they often fall victim to hacking and data interception when they open ...

Free services to check the validity of your passwords

Two-factor authentication, one-on-one connectivity and other tools have made it easier than ever to improve your internet security, ...

How can you back up your Gmail?

Many users may change jobs, decide to stop using a particular email account or just want a copy ...

Amazon Prime Video: How to create a new user profile?

Amazon Prime Video has added a new handy feature: the ability to create separate profiles with individual parental controls. See how you can ...

Hacker leaked online 20 GB of Intel internal documents!

Intel is investigating reports that a hacker has leaked online 20 GB of data coming from the giant of ...