News Posts matching #vulnerability

Return to Keyword Browsing

New Linux RCE Vulnerability Leaks Ahead of Disclosure - Allows Arbitrary Code Execution via CUPS Print Scheduler

A new vulnerability was recently discovered in a widely used print server that is installed by default on many Linux and Unix-based systems with a graphical user interface. The primary attack vector for the vulnerability is the CUPS (Common Unit Printing System) print scheduler, specifically cups-browsed, and has the potential to execute code remotely with zero user interaction required.

The vulnerability has reportedly been given a CVSS score of 9.9 by RHEL and Canonical, although this score is hotly debated, with some arguing it should have a lower score, because, although code can be remotely downloaded to the system, it cannot be executed without user intervention. Fortunately, there is no evidence of the vulnerability having been exploited, although the disclosure was leaked online ahead of a planned private reveal in October, prompting the developer that discovered the vulnerability to post the full explanation in a write-up on their blog. This being the case, the vulnerability could very well start being exploited by malicious actors.

"Sinkclose" Vulnerability Affects Every AMD CPU Dating Back to 2006

A critical security flaw known as "Sinkclose" (CVE-2023-31315) has been identified in all AMD processors dating back to 2006, potentially affecting hundreds of millions of devices worldwide. This vulnerability allows malicious actors to exploit the chip architecture, leading to unauthorized access to sensitive data. Researchers Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, have revealed that the vulnerability can be exploited through various methods, enabling attackers to extract confidential information from affected systems, including passwords and personal data. The issue is especially concerning, given that it is present in all AMD CPUs made in the last 18 years and their widespread use in both consumer and enterprise environments. However, to exploit this vulnerability, an attacker must possess access to system's kernel. Downloading of malware-infused files can trigger it, so general safety measures are recommended.

The Sinkclose method exploits a little-known capability in AMD processors called TClose. This name is a blend of "TClose" and "Sinkhole," with the latter referring to a previous vulnerability found in Intel's System Management Mode in 2015. AMD chips employ a protective mechanism named TSeg, which blocks operating systems from accessing a specific memory area reserved for System Management Mode (SMM), known as System Management Random Access Memory (SMRAM). However, the TClose feature is designed to maintain backward compatibility with older hardware that might use the same memory addresses as SMRAM. It does this by remapping memory when activated. The security experts discovered that they could manipulate this TClose remapping function using only standard operating system permissions. By doing so, they could deceive the SMM into retrieving altered data, enabling them to redirect the processor and run their own instructions with the high-level privileges of SMM. This technique essentially allows attackers to bypass standard security measures and execute malicious code at one of the most privileged levels of the processor, potentially compromising the entire system.

"Indirector" is Intel's Latest Branch Predictor Vulnerability, But Patch is Already Out

Researchers from the University of California, San Diego, have unveiled a significant security vulnerability affecting Intel Raptor Lake and Alder Lake processors. The newly discovered flaw, dubbed "Indirector," exposes weaknesses in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), potentially allowing attackers to execute precise Branch Target Injection (BTI) attacks. The published study provides a detailed look into the intricate structures of the IBP and BTB within recent Intel processors, showcasing Spectre-style attach. For the first time, researchers have mapped out the size, structure, and precise functions governing index and tag hashing in these critical components. Particularly concerning is the discovery of previously unknown gaps in Intel's hardware defenses, including IBPB, IBRS, and STIBP. These findings suggest that even the latest security measures may be insufficient to protect against sophisticated attacks.

The research team developed a tool called "iBranch Locator," which can efficiently identify and manipulate specific branches within the IBP. This tool enables highly precise BTI attacks, potentially compromising security across various scenarios, including cross-process and cross-privilege environments. One of the most alarming implications of this vulnerability is its ability to bypass Address Space Layout Randomization (ASLR), a crucial security feature in modern operating systems. By exploiting the IBP and BTB, attackers could potentially break ASLR protections, exposing systems to a wide range of security threats. Experts recommend several mitigation strategies, including more aggressive use of Intel's IBPB (Indirect Branch Prediction Barrier) feature. However, the performance impact of this solution—up to 50% in some cases—makes it impractical for frequent domain transitions, such as those in browsers and sandboxes. In a statement for Tom's Hardware, Intel noted the following: "Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS and BHI are effective against this new research and no new mitigations or guidance is required."

AMD Patches Zenbleed Vulnerability with AGESA 1.2.0.Ca Update

AMD classified the Zenbleed vulnerability, CVE-2023-20593, as a medium-level threat about a year ago. AMD has acknowledged that it could potentially allow an attacker to access sensitive information under certain microarchitectural circumstances. Today, MSI has released new BIOS updates featuring AMD's AM4 AGESA 1.2.0.Ca firmware update. This update addresses the Zenbleed vulnerability affecting AMD's Ryzen 4000 series Zen 2 APUs. MSI is proactively rolling out the new BIOS updates across its range of compatible motherboards. The updates are currently available for almost all X570 motherboards, with support for other chipsets and 400 series motherboards expected to follow soon.

The AGESA 1.2.0.Ca firmware update specifically targets the Zenbleed vulnerability in the Zen 2 microarchitecture. Although the vulnerability primarily affects Ryzen 4000 "Renoir" APUs, it also exists in other Zen 2 processors, including the Ryzen 3000 series and certain EPYC and Threadripper CPUs. AMD has already addressed the Zenbleed vulnerability in previous AGESA microcode updates for Ryzen 3000 processors and other platforms, such as EPYC server CPUs and Ryzen mobile CPUs. However, the Ryzen Embedded V2000 CPUs are still awaiting the EmbeddedPi-FP6 1.0.0.9 AGESA firmware update, which is expected to be released by April. While AMD has not explicitly stated whether the security update will impact performance, previous testing of Zenbleed fixes has shown potential performance drops of up to 15% in certain workloads, although gaming performance remained relatively unaffected. Users with AM4 chips based on architectures other than Zen 2, such as Zen+ or Zen 3, do not need to update their BIOS as they are not affected by this specific vulnerability.

AMD Response to "ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms"

On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in "ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms" from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD "Zen" platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation
AMD continues to assess the researchers' claim of demonstrating Rowhammer bit flips on a DDR5 device for the first time. AMD will provide an update upon completion of its assessment.

Apple M-Series CPUs Affected by "GoFetch" Unpatchable Cryptographic Vulnerability

A team of academic researchers has uncovered a critical vulnerability in Apple M-series CPUs targeting data memory-dependent prefetcher (DMP) that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, is based on the microarchitecture design of the Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable DMP, potentially hindering performance. The DMP, designed to optimize performance by preemptively loading data that appears to be a pointer, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.

To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.

ASUSTOR Alerts Customers to Severe Vulnerability, Surveillance Center Gets Emergency Update

An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain control elevated privileges to execute code on ADM to install malware. This update fixes this underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:
  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.
  • Turn on and update snapshots if available.
  • Enable the AbuseIPDB risk detection greylist.

New LeftoverLocals Vulnerability Threatens LLM Security on Apple, AMD, and Qualcomm GPUs

New York-based security firm Trail of Bits has identified a security vulnerability with various GPU models, which include AMD, Qualcomm, and Apple. This vulnerability, named LeftoverLocals, could potentially allow attackers to steal large amounts of data from a GPU's memory. Mainstream client-GPUs form a sizable chunk of the hardware accelerating AI and LLMs, as they cost a fraction of purpose-built data-center GPUs, and are available in the retail market. Unlike CPUs, which have undergone extensive hardening against data leaks, GPUs were primarily designed for graphics acceleration and lack similar data privacy architecture. To our knowledge, none of the client GPUs use virtualization with their graphics memory. Graphics acceleration in general is a very memory sensitive application, and requires SIMD units to have bare-metal access to memory, with as little latency as possible.

First the good news—for this vulnerability to be exploited, it requires the attacker to have access to the target device with the vulnerable GPU (i.e. cut through OS-level security). The attack could break down data silos on modern computers and servers, allowing unauthorized access to GPU memory. The potential data breach could include queries, responses generated by LLMs, and the weights driving the response. The researchers tested 11 chips from seven GPU makers and found the vulnerability in GPUs from Apple, AMD, and Qualcomm. While NVIDIA, Intel, and Arm first-party GPUs did not show evidence of the vulnerability, Apple, Qualcomm, and AMD confirmed to wired that their GPUs are affected, and that they're working on a security response. Apple has released fixes for its latest M3 and A17 processors, but older devices with previous generations of Apple silicon remain vulnerable. Qualcomm is providing security updates, and AMD plans to offer mitigations through driver updates in March 2024.

LogoFAIL Vulnerability Affects Almost Every PC Running Windows and Linux

Binarly's research team has discovered a collection of security vulnerabilities known as "LogoFAIL", which affects image parsing components within the UEFI firmware of a wide array of devices. These vulnerabilities are especially concerning because they are embedded within the reference code provided by Independent BIOS Vendors (IBVs), affecting not just a single vendor but a broad spectrum of devices that utilize this code. LogoFAIL is particularly dangerous because it allows attackers to bypass crucial security measures such as Secure Boot and Intel Boot Guard by executing a payload during the device's boot process. This is achieved by storing malicious images on the EFI System Partition or within unsigned sections of firmware updates. This method can compromise system security deeply without altering the runtime integrity of the bootloader or firmware, unlike other threats such as BlackLotus or BootHole.

The potential reach of LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including ones like Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS microcode updates to patch against this vulnerability.
Below, you can see the proof of concept in a YouTube video.

AMD EPYC CPUs Affected by CacheWarp Vulnerability, Patches are Already Available

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.

Flexxon Announces Xsign, a Physical Security Key in USB or microSD/SD Card Formats

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

"Downfall" Intel CPU Vulnerability Can Impact Performance By 50%

Intel has recently revealed a security vulnerability named Downfall (CVE-2022-40982) that impacts multiple generations of Intel processors. The vulnerability is linked to Intel's memory optimization feature, exploiting the Gather instruction, a function that accelerates data fetching from scattered memory locations. It inadvertently exposes internal hardware registers, allowing malicious software access to data held by other programs. The flaw affects Intel mainstream and server processors ranging from the Skylake to Rocket Lake microarchitecture. The entire list of affected CPUs is here. Intel has responded by releasing updated software-level microcode to fix the flaw. However, there's concern over the performance impact of the fix, potentially affecting AVX2 and AVX-512 workloads involving the Gather instruction by up to 50%.

Phoronix tested the Downfall mitigations and reported varying performance decreases on different processors. For instance, two Xeon Platinum 8380 processors were around 6% slower in certain tests, while the Core i7-1165G7 faced performance degradation ranging from 11% to 39% in specific benchmarks. While these reductions were less than Intel's forecasted 50% overhead, they remain significant, especially in High-Performance Computing (HPC) workloads. The ramifications of Downfall are not restricted to specialized tasks like AI or HPC but may extend to more common applications such as video encoding. Though the microcode update is not mandatory and Intel provides an opt-out mechanism, users are left with a challenging decision between security and performance. Executing a Downfall attack might seem complex, but the final choice between implementing the mitigation or retaining performance will likely vary depending on individual needs and risk assessments.

Zenbleed Vulnerability Affects All AMD Zen 2 CPUs

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing a javascript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.

AMD faulTPM Exploit Targets Zen 2 and Zen 3 Processors

Researchers at the Technical University of Berlin have published a paper called "faulTPM: Exposing AMD fTPMs' Deepest Secrets," highlighting AMD's firmware-based Trusted Platform Module (TPM) is susceptible to the new exploit targeting Zen 2 and Zen 3 processors. The faulTPM attack against AMD fTPMs involves utilizing the AMD secure processor's (SP) vulnerability to voltage fault injection attacks. This allows the attacker to extract a chip-unique secret from the targeted CPU, which is then used to derive the storage and integrity keys protecting the fTPM's non-volatile data stored on the BIOS flash chip. The attack consists of a manual parameter determination phase and a brute-force search for a final delay parameter. The first step requires around 30 minutes of manual attention, but it can potentially be automated. The second phase consists of repeated attack attempts to search for the last-to-be-determined parameter and execute the attack's payload.

Once these steps are completed, the attacker can extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms, such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. Interestingly, BitLocker uses TPM as a security measure, and faulTPM compromises the system. Researchers suggested that Zen 2 and Zen 3 CPUs are vulnerable, while Zen 4 wasn't mentioned. The attack requires several hours of physical access, so remote vulnerabilities are not a problem. Below, you can see the $200 system used for this attack and an illustration of the physical connections necessary.

Google's Project Zero Discovers 18 Zero-Day Vulnerabilities in Exynos Chipsets

Google's internal team Project Zero, dedicated to the discovery and patching of zero-day vulnerabilities in mobile hardware, software, web browsers and open source libraries disclosed a series of vulnerabilities in Samsung's Exynos chipsets featured across a wide range of mobile devices. Four of these critical vulnerabilities allow for internet-to-baseband remote code execution, and testing conducted by Project Zero confirmed that an attacker can compromise a phone at the baseband level with only the victim's phone number. They believe that with sufficient skill an attacker could exploit these vulnerabilities completely silently and remotely. The fourteen other vulnerabilities are related but considered to not be as critical as they require a more extensive setup including a malicious mobile network operator or local access to the targeted device.

Due to the severity of the main four critical vulnerabilities Project Zero has delayed full disclosure on how the exploit works stating:
Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.

Microsoft Releases Windows Patches, Fixes Actively Exploited Zero-Day Vulnerabilities

Microsoft today unleashed a slew of updates for its March Patch Tuesday to address around 80 security vulnerabilities in the wild. To begin, Windows 10 patches KB5023696 and KB5023697 address system and security issues in Windows 10 versions 22H2, 21H2, 21H1, 1809, and 1607 as well as Windows Server 2016. These are being deployed as non-optional updates and will be automatically installed via Windows Update (unless you run a modified or locked down install). Windows 10 1507 also received a small patch, KB5023713, which similarly addresses security fixes as well as hyperlinks in Excel.

Microsoft today also releases fixes for two critical zero-day vulnerabilities that were being actively exploited as far back as April of 2022. The two exploited vulnerabilities are CVE-2023-23397 and CVE-2023-24880. CVE-2023-23397 is an elevated privilege attack that allows crafting special emails that can force a target's device to connect to remote URLs and transmit the Windows account's Net-NTLMv2 hash. CVE-2023-24880 is a Windows SmartScreen vulnerability that can be exploited to create executables which bypass the Windows Mark of the Web security warning.

Phoenix Technologies Launches FirmGuard to Protect Against Firmware Vulnerabilities

Phoenix Technologies, a leading independent firmware supplier for PCs and computing devices, has launched FirmGuard, a cyber security product to address firmware vulnerability. Firmware is the software that connects a device's microchips to the operating system.

Phoenix Technologies is the first UEFI (Unified Extensible Firmware Interface) vendor to offer an enterprise cyber security product. FirmGuard is a cloud-based service, which has been initially targeted at managed service providers (MSPs). It will also be offered to large enterprise and government organizations.

QNAP Responds to Vulnerability Reports in Hikvision Cameras and Provides Recommendations to QNAP QVR Pro and QVR Elite Users

After a thorough investigation and verification process, QNAP Systems, Inc. (QNAP) today addressed vulnerability CVE-2021-36260 of Hikvision cameras and provides the following recommendations to QVR Pro and QVR Elite users who may be potentially affected. According to the security advisory by Hikvision, if these cameras are installed in the same LAN network, and this network cannot be accessed externally, attackers will NOT be able to exploit this vulnerability.

Although this vulnerability does not directly influence QNAP surveillance products, it is highly recommended to update the firmware of the cameras listed in the advisory to reduce the possibility of being exposed to potential risks. These risks include, but is not limited to, failure to record from cameras that stop working, or receiving forged data from cameras.

ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core Processors

The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks overtake both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ÆPIC Leak. Named after Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimeing to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors.
ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.

A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.

"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.

Apple M1 Chips Affected by Unpatchable "PACMAN" Exploit

Apple M1 chips are a part of the Apple Silicon family that represents a new transition to Arm-based cores with new power and performance targets for Apple devices. A portion of building a processor is designing its security enclave, and today we have evidence that M1 processors got a new vulnerability. The PACMAN is a hardware attack that can bypass Pointer Authentication (PAC) on M1 processors. Security researchers took an existing concept of Spectre and its application in the x86 realm and now applied it to the Arm-based Apple silicon. PACMAN exploits a current software bug to perform pointer authentication bypass, which may lead to arbitrary code execution.

The vulnerability is a hardware/software co-design that exploits microarchitectural construction to execute arbitrary codes. PACMAN creates a PAC Oracle to check if a specific pointer matches its authentication. It must never crash if an incorrect guess is supplied and the attack brute-forces all the possible PAC values using the PAC Oracle. To suppress crashes, PAC Oracles are delivered speculatively. And to learn if the PAC value was correct, researchers used uArch side channeling. In the CPU resides translation lookaside buffers (TLBs), where PACMAN tries to load the pointer speculatively and verify success using the prime+probe technique. TLBs are filled with minimal addresses required to supply a particular TLB section. If any address is evicted from the TLB, it is likely a load success, and the bug can take over with a falsely authenticated memory address.
Apple M1 PACMAN Attack

Cloudflare: Blockchain Platform Targeted by One of Most Powerful DDoS Attacks in History

Internet services provider Cloudflare has announced that it has successfully protected one of its clients from one of the most powerful DDoS (Distributed-Denial-of-Service) attacks in history. According to the services provider, an undisclosed cryptocurrency platform was targeted by a botnet comprising around 6,000 "zombie" computers distributed throughout 112 different countries. The botnet ultimately generated a collective 15.3 million requests per second. While that's still shy of the largest recorded metric - set at 17.2 million requests per second - the fact that the DDoS attack occurred through HTTPS likely pushed its complexity above the record-setting attack, due to the higher computational workload of secure HTTP. The attack lasted 15 seconds.

DDoS attacks aim to flood a network with requests and data packets in a bid to overload and paralyze it. The attack also showcases the ingenuity of bad actors, as the originated from cloud-based ISPs, as attackers leverage more complex and capable networking hardware than what's usually offered by last-mile ISPs. According to Cloudflare, the botnet seems to have mostly compromised systems with Java-based applications that were still open to the recently-discovered CVE-2022-21449 vulnerability.

CISA Advises Owners of Certain D-Link Routers to Urgently Retire Them

The US Cybersecurity and Infrastructure Security Agency, or CISA, is advising consumers and businesses to retire a whole range of D-Link routers, due to the devices being EOL. This is due to a severe vulnerability that affects the devices that goes under the CVE-ID of CVE-2021-45382. This is a remote command execution (RCE) vulnerability and it's not likely to get patched by D-Link and is considered serious enough that these devices should be taken offline post-haste. The vulnerability would allow an attacker to take over these devices using "diagnostic hooks" in the ncc2 service, which is tied to the DDNS function and would allow an attacker to gain full access by injecting malicious code.

Proof of concept code already exists on GitHub, which makes the likelihood of this attack vector being used even more likely. The known affected devices so far are the D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L and all hardware revisions are affected. Most of these routers were released around 2012 to 2014 and are either 802.11n or 802.11ac devices based on what appears to be Realtek or Ralink (now MediaTek) hardware. These aren't the only devices that CISA has given advice on recently, as the D-Link DIR-610 and DIR-645, as well as the Netgear DGN2200 are also devices that CISA recommends retirement for.

Intel Launches Project Circuit Breaker

Intel is expanding its Bug Bounty program with Project Circuit Breaker, bringing together a community of elite hackers to hunt bugs in firmware, hypervisors, GPUs, chipsets and more. Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers. Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly "Tiger Lake").

Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats - and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry's security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do."
-Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty

Intel Disables DirectX 12 API Loading on Haswell Processors

Intel's fourth-generation Core processors, codenamed Haswell, are subject to new security exploits. According to the company, a vulnerability exists inside the graphics controller of 4th generation Haswell processors, happening once the DirectX 12 API loading occurs. To fix the problem, Intel has found that disabling this API results in a fix. Starting with Intel graphics driver 15.40.44.5107 applications that run exclusively on DirectX 12 API no longer work with the following Intel Graphics Controllers: Intel Iris Pro Graphics 5200/5100, HD Graphics 5000/4600/4400/4200, and Intel Pentium and Celeron Processors with Intel HD Graphics based on 4th Generation Intel Core.

"A potential security vulnerability in Intel Graphics may allow escalation of privilege on 4th Generation Intel Core processors. Intel has released a software update to mitigate this potential vulnerability. In order to mitigate the vulnerability, DirectX 12 capabilities were deprecated." says the Intel page. If a user with a Haswell processor has a specific need to run the DirectX 12 application, they can downgrade their graphics driver to version 15.40.42.5063 or older.
Return to Keyword Browsing
Dec 19th, 2024 02:11 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts