Intel doesn’t have a particularly good history in recent years when it comes to security flaws being discovered within their processor releases. Admittedly, AMD has certainly had a few problems here and there too, but I think it would be both fair and accurate to say that Intel has been the more noteworthy and prolific of the two.
Now, admittedly, in the vast majority of cases when these security flaws are discovered, general consumers like you and me have very little to worry about. For media outlets, it can be very easy to leap onto the hyperbole train and predict the impending demise of online security as we know it. Given that this new security issue is found to affect Intel 10th, 11th, and even their latest 12th-gen processors, however, I think most can appreciate that this is not to be sniffed at.
As above though, the good news is that even despite the seemingly widespread nature of the problem, the vast majority of you reading this almost certainly don’t have to worry. For those of you who are perhaps on business systems, and particularly those that may utilise cloud systems, however, this definitely warrants some attention.
The reason why the vast majority of you probably don’t need to worry about this new security flaw (which has been given the name ‘ÆPIC Leak’) is that it specifically targets users who purely rely on Intel’s SGX (Software Guard Extensions) to protect data from outside attackers who have obtained system privileges. No, it’s not impossible that a generic user couldn’t be targeted in this way, but the bottom line is that this is mostly an issue related to businesses. – More than anything, the key focus of the ‘ÆPIC Leak’ exploit is that it is the first confirmed instance of a “CPU bug [that is] able to architecturally disclose sensitive data.”
“ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.”
For those of you willing (and interested) in checking out the security flaw in action, a demonstration has been posted online which you can check out here! – Alternatively, you can read the full documentation (which I’ll warn you now is a little dry and exceptionally technical) via the link here!
Intel will, of course, release a patch to resolve this issue at some point in the future. Given that they were reportedly originally notified of the issue back in December 2021, however, it seems clear that there is no quick ‘magic bullet’ solution for this one. Then again, is there ever?…
Users have been advised that they can remove the security risk by disabling APIC MMIO or not using (or solely relying on) SGX. In terms of how you do that though… Well… The short answer is don’t look at me. Even my technical knowledge has limits!
As above, I think the best advice for 99.9% of you reading this (with Intel processors) is to simply be aware, keep calm, and carry on!
What do you think? – Let us know in the comments!
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…
Heavy Equipment Bundle: Includes a steering wheel for heavy machinery, gas and brake pedals, and…
Low-profile Keys for an ergonomic gaming experience. With slimmer keycaps and shorter switches, enjoy natural…
Size & style: Ambidextrous lightweight mouse for gaming. Built for speed, control and comfort, with…