Flash News: Intel chipsets hit by another major security flaw
SGAxe attack steals protected data from what's meant to be the safest a part of an Intel processor
Intel processors face another major security threat after researchers uncovered a replacement attack on the company's hardware.
Known as SGAxe, the attack targets a supposedly super-secure function within Intel processors within the latest plan to steal protected user data during a long line of attacks since 2018's Meltdown and Spectre threats.
SGAxe attack
SGAxe breaches the safety guarantees of Intel Software Guard eXtensions (SGX) services, which look to guard the inner workings of a system alongside vital data like passwords and encryption keys.
Developed by the corporate, SGX may be a security feature built into Intel processors that permits apps to work and run within blocks of secure memory referred to as "enclaves" - protected software containers that provide hardware-based memory encryption for high-end protection.
Using SGAxe, an attacker could steal legitimate SGX attestation keys from Intel’s quoting enclave in existing SGX machines, meaning they might then impersonate such systems and gain access to focus on devices.
The researchers note that there's no evidence the flaw was exploited within the wild but alerted Intel as soon because it was discovered. However SGAxe does appear to be an evolution of the CacheOut attack revealed in January, with the 2 exploits ready to add tandem to interrupt into systems.
Intel says it's performing on a fix to hide both attacks, with a microcode update coming soon.
"It is vital to notice that SGAxe relies on CVE-2020-0549 which has been mitigated in microcode (confirmed by the researchers in their updated CacheOut paper) and distributed bent the ecosystem."
The company has also published an inventory of affected processors for users looking to ascertain if their systems are in danger.
Source URL
Hello, my name is Mohd Azahar. I'm a self-employed Pivrate from the India.
No comments:
Post a Comment