Intel Fixes Dangerous Plundervolt Vulnerability
Intel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200.
Security researchers identified a vulnerability in Intel Software Guard Extensions (Intel SGX), which is a piece of architecture embedded in several Intel processors that allows users (including the OS) to store essential code in protected enclaves, akin to a vault. Attackers obtained the cryptography key for the encrypted SGX data by lowering the voltage, compromising any system.
“A potential security vulnerability in some Intel Processors may allow escalation of privilege and/or information disclosure. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability,” states Intel”s advisory. “Improper conditions check in voltage settings for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access.”
According to a DarkReading report, attackers undervolted the SGX systems, which allowed them to recover the AES encryption key. The patch issued by Intel disallows this for SGX, and the company promised to give users with an SGX TCB key recovery solution, which should arrive in Q1 2020.
Several universities were involved in the research, including the University of Birmingham, Technische UniversitÃ¤t Darmstadt, University of Maryland, University of Maryland, and Tsinghua University.
The patch can only be integrated at the Bios level, which means that users will have to install Bios updates as they become available from manufacturers. Unfortunately, since Bios updates are never installed automatically, many people will remain vulnerable to this exploit until they upgrade to a new motherboard.
Each new motherboard in production right now will ship with the patch already installed, so customers should check if there is a different revision for their hardware.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 27, 2021
July 27, 2021
July 23, 2021