Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware (bleepingcomputer.com) 16
Catalin Cimpanu, writing for BleepingComputer: Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory -- a mandatory component used during the boot-up process [1, 2, 3]. According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware." Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."
Industry-wide patching it is. And now that security researchers are finally looking at hardware again, expect more of these. For one thing is sure: Intel has been doing an exceptionally bad job the last decade or so, possibly because they believed to have won the game.
Don't worry, most of the industry won't bother with patching...
You seem to be unaware that modern computers do not have a BIOS anymore and that it gets emulated by UEFI.
I am tired of having to rely on software security measures that will inevitably not work. Give me a fucking switch to turn off write access in hardware. The IT industry sucks.
Did you know that the audio chips don't really care which is a microphone and which is the speaker, and that either can be reprogrammed to the either? You don't need to bother unplugging your microphone if you're leaving your speakers plugged in. It's all software these days.