There’s a new VirtualBox bug report about an attacker’s ability to replace the VBox firmware. The bug report had a link to a zipped DOCX document. It seems, from Oracle’s reaction, that they consider a firmware root of trust a future enhancement, not a current bug. Virtualized firmware is interesting for attackers with OS root access: the firmware is more accessible, since it’s just data on a disk instead of flash-based, not just the data on the ESP.
This issue was initially reported to the security team, but after some discussion it was mentioned that I should open this in the public bug tracking system (seems strange to me, but…). Just for reference, the final conclusion from the security team follows:
“Admin rights give a user the power to do anything on the system. An “evil admin” is more a social aspect of this bug than a product’s security capabilities (or its lack thereof). However, we get your point and think that the “validation/check” proposed by you could be an enhancement feature in the product. Since our team (SecAlert) only deals with security vulnerabilities in the product, we will not be able to help you on this further. You need to log an enhancement request on VirtualBox’s public bug tracker:”