Intel CPUs may allow OS-independent attacks
Systems based on Intel's processors may be vulnerable to attack, irrespective of the operating system used or patches applied, according to a security researcher. Developer and reverse engineer Kris Kaspersky intends to present his proof of concept code for attacks on Intel processor based systems at the forthcoming Hack in the Box security conference. Kaspersky plans to demonstrate a specific attack on an Intel CPU using JavaScript and TCP packet storms.
It is common knowledge that attackers exploit security vulnerabilities in applications to gain control of systems. That processors bugs might also be used for such exploits is, however, less widely known. According to Kaspersky's pre-conference announcement, Intel lists 128 bugs in the specification for its Core 2 processor alone and more than 230 for the Intel Itanium. Some of these merely cause crashes, others allow remote or local attackers to gain control of a system. It is apparently irrelevant what operating system and applications are running on the computer at the time and what patches have been installed. Some of the bugs can be exploited using specific command sequences if the function of the underlying compiler. such as the JIT Java compiler, is known.
According to Kaspersky, to date only isolated attacks exploiting the vulnerabilities in Intel CPUs have taken place. He thinks, however, that it is only a matter of time before worms start to exploit these bugs. He does not provide any information on vulnerabilities in AMD CPUs.
See also:
- Remote Code Execution Through Intel CPU Bugs, pre-conference announcement for Hack in the Box
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
