- Critical Security Aarability is identified in Broadcom -chips
- These missing leave Dell -Units that contain chips at risk
- The resulting attack has been called ‘Revault’ and users need to patch now
A number of critical security errors in Broadcom -chips may mean that tens of thousands of millions of dell -laptop and other devices are in danger of possible attack.
The serious vulnerabilities are found in over 100 models of Dell -Bearing computers with Broadcom -Chips, Cisco Talos has revealed, and is therefore in danger of an attack called the researchers ‘Revault’.
A Revault attack could be used ‘as a physical compromise to bypass Windows login and/or for any local user to obtain administrator/system rights’, allowing a hacker to steal sensitive information and credentials as well as biometric data such as fingerprint information.
Dell laptops at risk
These deficiencies could have a ‘significant’ influence on the victims, and Cisco Talos reports two primary attack scenarios; A physical attack and a pivot after compromise.
As the name suggests, the physical attack refers to a local striker with access to the victim’s device who gets direct access to the USH board over USB with a custom connector.
From there, the vulnerabilities become ‘I-SCOPE for the striker without requiring the possibility of logging into the system or knowing an encryption of full discovery’. If a system is configured to be unlocked with biometric data, it may be possible to adjust the CV company to allow any fingerprint rather than just legitimate users.
In a Post-Compromepivot, users without administrative privileges can use the CV company to trigger arbitrary code execution and potentially delicious ‘key material that is important for the device’s safety’ and then get the ability to change the firmware permanently.
Dell confirmed that customers have been notified of available updates that address the vulnerabilities; “In collaboration with our firmware provider, we dealt with the problems quickly and transparent revealed the reported vulnerabilities in accordance with our vulnerability policy.”
“Customers can review Dell Security Advisory DSA-2025-053 for information about affected products, versions and more. As always, it is important that customers immediately use security updates that we make available and move to supported versions of our products to ensure that their systems remain safe.”
It is not yet clear whether these vulnerabilities have been utilized in nature, but users are of course recommended to patch Pressing to tackle them, as well as to regularly rotate passwords and use MFA where possible.
