A bug in Intel's fresh processor architecture allows direct data leaks via SGX

The discovery of Spectre and Meltdown vulnerabilities in Intel and other processor architectures was followed by a shaft of new leaks, implemented in side-channel attacks.
An investigation into vulnerabilities in Intel processor architecture in generations 10 to 12 revealed a significantly larger threat - the possibility of a direct leak of sensitive user data due to a direct vulnerability in the company's new processor architectures.Image source: IntelInternational research team has released information on the discovery of a vulnerability named AEPIC Leak (ÆPIC Leak) and code CVE-2022-21233 in new Intel processors.
The two terms APIC and EPIC are intertwined in the name, which hints at serious problems when accessing the APIC interrupt controller.
In xAPIC mode, the corresponding registers are accessed through a memory-mapped I/O page (MMIO).
If an attacker has administrator or root access, the application memory can be unloaded almost instantly via MMIO.
No complicated manipulation, as with leaks in side-channel attacks, is necessary, so the researchers described ÆPIC Leak as \"the first CPU bug capable of exposing sensitive data.
\"Of course, the requirement to have administrator or root access for a ÆPIC Leak attack will limit the field of action for attackers.
Therefore, most non-cracked systems will be out of this danger.
But there is one \"but\".
If the system relies on Intel SGX protection, ÆPIC Leak will overcome it easily.
More specifically, the new vulnerability uses SGX precisely to bypass protection from attacks by privileged attackers.
As soon as an SGX enclave application is loaded into memory, ÆPIC Leak is able to immediately completely offload application memory to steal data from it.
So don't get your hopes up about SGX in this matter.The researchers' data on this leak was given to Intel late last year.
Intel rated the reported vulnerability as a medium-risk vulnerability, which is presented as an \"uninitialized memory read vulnerability.\" Intel's recommendations suggest that processors without SGX support are fully protected against the ÆPIC Leak.
For processors with SGX, it is recommended to enable x2APIC mode in OS and virtual machine monitors, then xAPIC MMIO page will be disabled and will not allow leaks through its resources.Speaking about the list of vulnerable processors, Intel provided a list of Intel Ice Lake 10th generation, Intel Xeon 3rd generation (Ice Lake SP), Ice Lake Xeon-SP, Ice Lake D, Gemini Lake, Ice Lake U, Y and Rocket Lake models.

Vulnerability found in Apple M1 processors that cannot be closed by software

Scientists at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology have reported the creation of a PACMAN cyberattack technique based on a hardware vulnerability in Apple M1 processors.
The authors of the study specified that their solution could also be relevant for other chips on the Arm-architecture, but it has not yet been confirmed in practice.Image source: apple.comAttack is performed using a combination of hardware and software and can be performed remotely, without physical access to the victim's computer.
In theory, PACMAN gives the attacker access to the OS kernel, which essentially means full control over the machine.
The most annoying thing is that this hardware vulnerability cannot be fixed by any software, which means that it can remain relevant not only for existing, but also for future products.
Theoretically, Arm-chips from other manufacturers, including Qualcomm and Samsung, could also be vulnerable if they use pointer authentication.
The attack is based on the Pointer Authentication security feature, which is used to verify executable software via cryptographic signatures or Pointer Authentication Codes (PACs).
This helps protect the system from attacks involving pointer spoofing of memory addresses, which are controlled by PAC values.
The PACMAN technique allows PAC values to be \"tampered with,\" working in a similar way to the Spectre and Meltdown exploits.
Researchers emphasize that PACMAN works at various privilege levels all the way up to gaining access to the OS kernel.The researchers reported their discovery to Apple months ago.
The vulnerability has not yet been registered in the public CVE database, but the authors of the project promised to do so in the near future.
Scientists will provide all the details in their report at the International Symposium on Computer Architecture (ISCA 2022), which will open on June 18 in New York.

UNISOC chipsets have a vulnerability that allows smartphones to disconnect from the network

Cybersecurity experts Check Point Research found a vulnerability in the firmware of LTE modems on Chinese UNISOC chipsets, which are widely used in low-cost smartphones.
Attackers have the theoretical ability to block the device from connecting to cellular networks.Image source: unisoc.comThe vulnerability was discovered while working with the Motorola Moto G20 smartphone on the UNISOC T700 chipset - researchers used reverse engineering techniques to study the implementation of LTE standard support on the modem.
They found that it was possible to send an SMS message or a special radio packet to the device to achieve disconnection from the mobile network - at least until the subsequent reboot.The vulnerability was given the number CVE-2022-20210 and a rating of 9.4 (\"critical\").
Researchers reported their discovery to UNISOC in May, and before the end of the month the developer released a patch to fix the bug.
Owners of devices running UNISOC chips were advised to update Android to the latest version.Factory-less Chinese company UNISOC has been developing chipsets for cell phones for 21 years, 17 of which it operated under the Spreadtrum Communications brand - rebranded in 2018.
According to Counterpoint analysts, the company is the world's fourth-largest developer of mobile platforms, behind MediaTek, Qualcomm and Apple.