August 12, 2024 at 11:21PM AMD processors dating back to 2006 have a security vulnerability called SinkClose, which allows rogue users to run code in System Management Mode (SMM). Only models made since 2020 will be patched. The flaw affects AMD CPUs dating back nearly 20 years. Processors receiving fixes will get firmware updates via … Read more
August 9, 2024 at 01:02PM AMD has issued a warning about a high-severity CPU vulnerability, SinkClose, affecting multiple generations of EPYC, Ryzen, and Threadripper processors. This flaw allows attackers to gain Ring -2 privileges, enabling malware installation undetectable by typical security tools. The attack has gone undetected for almost 20 years and poses significant threats, … Read more
August 7, 2024 at 03:06PM A team from the CISPA Helmholtz Center for Information Security in Germany has revealed a new vulnerability in the XuanTie C910 CPU based on RISC-V architecture. Named GhostWrite, the flaw could allow attackers to gain unrestricted access to targeted devices. Although no specific tools or methods to detect attacks currently … Read more
March 25, 2024 at 10:36AM Researchers have delved further into the GoFetch vulnerability affecting Apple M-series and Intel Raptor Lake CPUs. Exploiting data memory-dependent prefetchers, the exploit leaks core-cached data, posing a threat for hackers. While patches are possible for M3 and Raptor Lake CPUs, the M1 and M2 chips face challenges due to the … Read more
March 22, 2024 at 11:07AM The “GoFetch” attack targets modern Apple M-series CPUs’ constant-time cryptographic implementations, allowing it to steal secret cryptographic keys from the CPU’s cache. The attack, developed by researchers in the U.S., cannot be fixed in affected CPUs. Mitigating it with software patches would reduce cryptographic performance. Apple owners should practice safe … Read more
March 22, 2024 at 11:06AM A new side-channel vulnerability, GoFetch, has been discovered in Apple Silicon processors, allowing malicious apps to extract cryptographic keys by exploiting the DMP feature. The vulnerability affects Apple M1, M2, and M3 chips, as well as Intel’s 13th Gen Raptor Lake microarchitecture. Disabling DMP may degrade performance, and third-party cryptographic … Read more
March 15, 2024 at 02:03PM A group of researchers has discovered a new data leakage attack called GhostRace (CVE-2024-2193), a variation of the spectre v1 vulnerability, impacting modern CPU architectures. This exploit allows unauthenticated attackers to extract sensitive data from the processor by accessing speculative executable code paths. Both AMD and Xen have provided solutions … Read more
March 13, 2024 at 06:33AM A team of researchers from IBM and VU Amsterdam unveiled a new data leakage attack, GhostRace, affecting major CPU makers and software. The attack exploits speculative race conditions, allowing attackers to access sensitive information from memory. The researchers shared details of the attack, notified vendors, and released a proof-of-concept exploit … Read more
December 9, 2023 at 07:12AM Researchers from Vrije Universiteit Amsterdam disclosed a new side-channel attack called SLAM, exploiting a feature in Intel, AMD, and Arm CPUs. The exploit, an end-to-end Spectre-based attack, allows leakage of sensitive data from kernel memory. Intel, AMD, and Arm are working on mitigations, while existing and future CPUs are affected. … Read more
October 27, 2023 at 04:35PM Researchers have developed a side-channel exploit called “iLeakage” that affects Apple CPUs, allowing sophisticated attackers to extract sensitive information from browsers. The exploit takes advantage of speculative execution in Apple silicon CPUs and the Apple WebKit capabilities inside a browser. All recent iPhone, iPad, and MacBook models are affected, and … Read more