Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
Security researchers at ESET have identified a flaw in Acer firmware, tracked as CVE-2022-4020. It affects five of the company’s laptop models and could allow an attacker to disable a device’s Secure Boot settings, leading to malware execution and the disarming of security measures. According to ESET, the flaw was discovered on some versions of consumer Acer Aspire and Extensa notebooks.
An attacker with elevated privileges could exploit the flaw to modify the Secure Boot settings via an NVRAM variable, ESET stated in a series of tweets. ESET notified Acer of the flaw, and the company is currently investigating and taking the necessary actions to ensure the security of its consumers.
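Because the change described above is made through firmware variables, a defender can at least confirm what Secure Boot state a machine reports at runtime. The following is an added example, not code from ESET or Acer: it assumes a Linux host with efivarfs mounted at its usual path and reads only the standard UEFI `SecureBoot` and `SetupMode` variables, not the Acer-specific variable, which the article does not name.

```python
import struct
from pathlib import Path

# Assumed environment: Linux with efivarfs mounted at the usual location.
EFIVARS = Path("/sys/firmware/efi/efivars")
# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def parse_efivar(raw):
    """Split an efivarfs file into (attributes, data); 4-byte LE attribute prefix."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]

def flag(raw):
    """Decode a one-byte boolean variable such as SecureBoot or SetupMode."""
    _, data = parse_efivar(raw)
    if len(data) != 1 or data[0] not in (0, 1):
        raise ValueError(f"unexpected value {data!r}")
    return data[0] == 1

def secure_boot_state(secure_boot_raw, setup_mode_raw):
    """Classify the state from raw variable contents (None = variable absent)."""
    if secure_boot_raw is None:
        return "unsupported"      # legacy boot, or firmware without Secure Boot
    if setup_mode_raw is not None and flag(setup_mode_raw):
        return "setup-mode"       # no Platform Key enrolled, nothing is enforced
    return "enabled" if flag(secure_boot_raw) else "disabled"

def read_var(name, root=EFIVARS):
    try:
        return (Path(root) / f"{name}-{EFI_GLOBAL_GUID}").read_bytes()
    except FileNotFoundError:
        return None

def audit(expected="enabled", root=EFIVARS):
    """Return (state, matches_baseline) for the running machine."""
    state = secure_boot_state(read_var("SecureBoot", root), read_var("SetupMode", root))
    return state, state == expected

# Constructed sample contents: attributes 0x6 (boot-service + runtime access).
SAMPLE_ON = struct.pack("<I", 0x6) + b"\x01"
SAMPLE_OFF = struct.pack("<I", 0x6) + b"\x00"

if __name__ == "__main__":
    print(audit())
```

The result is the state the firmware reports to the operating system, so it is best compared against a recorded baseline for the device rather than read in isolation.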