The risk is "image parsers in UEFIs ... are riddled with roughly a dozen critical vulnerabilities" but what is the attack vector? Has a dropper been identified? Or is this an academic finding only?
Their idea of an attack vector: local exploit or phishing -> privilege escalation -> accessing the UEFI partition.
Say, an installer of a pirated game might pull this off, and turn your machine into a permanent botnet node, incurable by standard means, and maybe undetectable. But this is a low-value target; a usually dormant, stealthy fileless malware on a laptop that belongs to a CEO or a high-ranking government official may be much more insidious and impactful.
> There’s no indication that LogoFAIL vulnerabilities have been actively exploited in the wild, but there’s also little way one would know, since infections are so hard to spot using traditional tools and methods.
