From bleepingcomputer.com
GRUB, a popular boot loader used by Unix-based operating systems has fixed multiple high severity vulnerabilities.
In 2020, BleepingComputer had reported on the BootHole vulnerability in GRUB2 that could have let attackers compromise an operating system’s booting process even if the Secure Boot verification mechanism was active.
Threat actors could further abuse the flaw to hide arbitrary code (“bootkit”) within the OS that would run on every boot.
Particularly, flaws like these in boot loaders allow circumvention of UEFI Secure Boot, a verification mechanism for ensuring that code executed by a computer’s UEFI firmware is trusted and not malicious.