Alleged Intel CPU errata yields attack vector?
Thrax
🐌Austin, TX Icrontian
Security researcher and author Kris Kaspersky recently asserted that flaws in the instruction set of the Intel Core 2 (and derivatives) makes them susceptible to devastating platform-agnostic exploits.
Kaspersky posits that a remote attack via JavaScript or TCP/IP could yield multiple opportunities to damage or cripple any x86 operating system. Infoworld goes on to quote that some of the errata are dangerous enough to permit a hacker to wrest full control of the OS. Other exploits could trigger system crashes, damaged data and restarts.
In the world of CPU architecture, errors in the design of a chip are not uncommon. Most errors, or errata as they are known, are often fixed through subsequent BIOS releases. To wit, Intel's February release of their errata manual (PDF) describes over 80 different flaws in the design of Netburst and Core 2-based processors.
While Kaspersky plays his cards close to his chest, we are destined to wait for the October Hack In The Box event until we can observe the exploit first-hand. The researcher plans to demonstrate his findings and publicly release the exploit code at the symposium.
Kaspersky posits that a remote attack via JavaScript or TCP/IP could yield multiple opportunities to damage or cripple any x86 operating system. Infoworld goes on to quote that some of the errata are dangerous enough to permit a hacker to wrest full control of the OS. Other exploits could trigger system crashes, damaged data and restarts.
In the world of CPU architecture, errors in the design of a chip are not uncommon. Most errors, or errata as they are known, are often fixed through subsequent BIOS releases. To wit, Intel's February release of their errata manual (PDF) describes over 80 different flaws in the design of Netburst and Core 2-based processors.
While Kaspersky plays his cards close to his chest, we are destined to wait for the October Hack In The Box event until we can observe the exploit first-hand. The researcher plans to demonstrate his findings and publicly release the exploit code at the symposium.
0