Acer Answers Security & Vulnerabilities

Acer Swift 3 Vulnerability May Allow Deactivation of Critical Protections Allowing Read/Write Access to the System Management Mode

VULNERABILITY DETAILS

Researchers have identified a vulnerability that may allow deactivation of critical protections used for the TSEG region, which stores SMM code, after the system has booted. This may allow a privileged attacker to deactivate the configured TSEG region protections and thus obtain read/write access to the System Management Mode (SMM), thus fully compromising it.

Impact Scope

Acer Swift 3 with BIOS v1.10A or older

Resolution

Acer has released a BIOS update (v1.11) to address this concern. We recommend downloading and updating your BIOS immediately. You can find the latest BIOS for your device on our Drivers and Manuals site.

Credit

Acer thanks Enrique Nissim, Krzysztof Okupski and Joseph Tartaro from IOActive for reporting this issue.

Disclaimer

THE ABOVE INFORMATION IS PROVIDED "AS IS" IN CONNECTION WITH ACER AND INTEL® PRODUCTS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED FROM THIS PAGE IS AT YOUR OWN RISK. ACER RESERVES THE RIGHT TO CHANGE OR UPDATE THIS PAGE AT ANY TIME.

Swift Series Intel^® Evo™

Game Pass

Acer Corner

Gaming on Chromebook

Swift Series Intel® Evo™

Game Pass

Acer Corner

Gaming on Chromebook

Swift Series Intel^® Evo™