Threat Management

Intel CPUs may be compromised with new attack method

Share

SecurityWeek reports that threat actors may leverage the new AEPIC Leak attack against Intel processors to expose sensitive information. The novel attack involves the CPU's Advanced Programmable Interrupt Controller and could only be performed by attackers with root or administrator access to the APIC memory-mapped I/O, said researchers from Amazon Web Services, the Graz University of Technology, the Sapienza University of Rome, and the CISPA Helmholtz Center for Information Security. The non-reliance of AEPIC Leak, tracked as CVE-2022-21233, on a side channel indicates its reliability in disclosing sensitive data, according to researcher Pietro Borrello. "It is sufficient to load an enclave application in memory to be able to leak its contents. AEPIC Leaks can precisely target an application and fully dumps its memory in less than a second," Borrello added. Intel has already released an advisory regarding AEPIC Leak, which was considered a medium-severity concern, and is planning to release SGX SDK patches and microcode updates for the vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.