Домой United States USA — software ‘Downfall’ and Intel Macs: What you need to know about the flaw...

‘Downfall’ and Intel Macs: What you need to know about the flaw and fix

252
0
ПОДЕЛИТЬСЯ

Years of Macs use affected processors, but it’s unclear if they are subject to the attack or not.
Remember those serious Meltdown and Spectre CPU flaws from about five years ago? Well, Intel’s in hot water again with another serious vulnerability that affects years worth of processors.
Known as “Downfall,” the vulnerability exploits a flaw in the AVX vector extensions of every Intel CPU from the Skylake generation onward until we get to the more recent 12th-gen Alder Lake processors.
Macs with these processors started appearing in late 2015 with the 21.5-inch iMac, and just about every Intel-based Mac–desktop or laptop–since that time is on the list of affected processors. Apple switched to its own chips in 2020 rather than using the newer 12th- and 13th-gen Intel processors (though those aren’t affected by the flaw anyway).What is Downfall?
Researcher Daniel Moghimi, who discovered the flaw, created a microsite about it and described it this way:
Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.
In short, the flaw exploits the way a particular “Gather” instruction (part of the vector instructions in these Intel processors) is executed to access data in RAM that the program shouldn’t usually have any access to.

Continue reading...