Security researchers frequently report bugs and flaws in x86 processors from Intel and AMD, where various tricks allow malicious attackers to gain access to data that needs to be protected. Major security vulnerabilities such as Specter and Meltdown have been standardized in both software and hardware, which can affect performance. Fortunately, most vulnerabilities have one thing in common: They are hard to exploit in real life, so average users rarely need to worry.
Another point of contact for many of the vulnerabilities is that the attacker must somehow interfere with the processor or, for example, go through features such as multi-threading technology to access the data. Now a group of security researchers is reporting a new type of vulnerability that applies to processors in the Intel Core 10000, Core 11000, and Core 12000 series. It’s related to an architecture-level flaw, called “Æpic Leak”, named after the processors StopAdvanced Programmable Interrupt Controller – APIC.
ÆPIC Leak is the first CPU fault capable of detecting architecturally sensitive data. It takes advantage of a vulnerability in modern Intel CPUs to leak secrets from the processor itself: on most 10th, 11th, and 12th generation Intel processors, the undefined APIC MMIO incorrectly returns old data from the cache hierarchy.
A privileged attacker (administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems that rely on SGX to protect data from sophisticated attackers will be at risk and, therefore, must be patched.
on weakness custom website Make it clear that “Æpic Leak” means that data protected by Intel Software Guard Extensions (SGX) extensions can be forced by exiting valid APIC limits. Unlike previous vulnerabilities, this can be done without disrupting the system, but administrator privileges are required for implementation. Furthermore, it is emphasized that only systems where SGX is used are in the danger zone.
Intel was notified of the specific “Ice Lake” and “Alder Lake” issue last December, and there are now microcode updates in place that may solve the problem. Researchers don’t think the vulnerability was actually used, but they recommend an update Firmware. For those who are curious about the details, the results are summarized in Report (PDF), accompanied by an easy-to-understand question and answer section on the website.
Read about more security vulnerabilities:
“Entrepreneur. Freelance introvert. Creator. Passionate reader. Certified beer ninja. Food nerd.”
More Stories
For sale: Some cycling shirts and jackets
For sale: Original AXS paddle, matchmaker and battery cover
Traces of an ancient meteorite impact in Greenland