Intel CPUs may allow OS-independent attacks
It is common knowledge that attackers exploit security vulnerabilities in applications to gain control of systems. That processors bugs might also be used for such exploits is, however, less widely known. According to Kaspersky's pre-conference announcement, Intel lists 128 bugs in the specification for its Core 2 processor alone and more than 230 for the Intel Itanium. Some of these merely cause crashes, others allow remote or local attackers to gain control of a system. It is apparently irrelevant what operating system and applications are running on the computer at the time and what patches have been installed. Some of the bugs can be exploited using specific command sequences if the function of the underlying compiler. such as the JIT Java compiler, is known.
According to Kaspersky, to date only isolated attacks exploiting the vulnerabilities in Intel CPUs have taken place. He thinks, however, that it is only a matter of time before worms start to exploit these bugs. He does not provide any information on vulnerabilities in AMD CPUs.
- Remote Code Execution Through Intel CPU Bugs, pre-conference announcement for Hack in the Box