Intel Has a New Major CPU Security Flaw (But It Probably Doesn’t Affect You!)
Mike Sanders / 2 years ago
Intel doesn’t have a particularly good history in recent years when it comes to security flaws being discovered within their processor releases. Admittedly, AMD has certainly had a few problems here and there too, but I think it would be both fair and accurate to say that Intel has been the more noteworthy and prolific of the two.
Now, admittedly, in the vast majority of cases when these security flaws are discovered, general consumers like you and me have very little to worry about. For media outlets, it can be very easy to leap onto the hyperbole train and predict the impending demise of online security as we know it. Given that this new security issue is found to affect Intel 10th, 11th, and even their latest 12th-gen processors, however, I think most can appreciate that this is not to be sniffed at.
As above though, the good news is that even despite the seemingly widespread nature of the problem, the vast majority of you reading this almost certainly don’t have to worry. For those of you who are perhaps on business systems, and particularly those that may utilise cloud systems, however, this definitely warrants some attention.
New Intel CPU Security Flaw Discovered
The reason why the vast majority of you probably don’t need to worry about this new security flaw (which has been given the name ‘ÆPIC Leak’) is that it specifically targets users who purely rely on Intel’s SGX (Software Guard Extensions) to protect data from outside attackers who have obtained system privileges. No, it’s not impossible that a generic user couldn’t be targeted in this way, but the bottom line is that this is mostly an issue related to businesses. – More than anything, the key focus of the ‘ÆPIC Leak’ exploit is that it is the first confirmed instance of a “CPU bug [that is] able to architecturally disclose sensitive data.”
“ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.”
Where Can I Learn More?
For those of you willing (and interested) in checking out the security flaw in action, a demonstration has been posted online which you can check out here! – Alternatively, you can read the full documentation (which I’ll warn you now is a little dry and exceptionally technical) via the link here!
Intel will, of course, release a patch to resolve this issue at some point in the future. Given that they were reportedly originally notified of the issue back in December 2021, however, it seems clear that there is no quick ‘magic bullet’ solution for this one. Then again, is there ever?…
Users have been advised that they can remove the security risk by disabling APIC MMIO or not using (or solely relying on) SGX. In terms of how you do that though… Well… The short answer is don’t look at me. Even my technical knowledge has limits!
As above, I think the best advice for 99.9% of you reading this (with Intel processors) is to simply be aware, keep calm, and carry on!
What do you think? – Let us know in the comments!