Hackers Exploit Intel Core 2 Duo, Atom PC with Javascript

How often is a new exploit discovered that leaves most PCs vulnerable to attack? Well, that’s like every day. But most such exploits never go mainstream or are contained at the source.

What if an exploit is found deep down in the processor design and it affects every single OS that runs on that processor architecture? If that isn’t alarming enough, how about adding the scope to spread via ANY web browser? Exploits for flaws that are unpatched and previously unknown are called zero-day exploits.

A new zero-day exploit has been discovered for Intel’s Core 2 Duo and Intel Atom processors; it abuses the cache control mechanism in the processor’s core.

The demo actually consists of two programs: a test loop, which gets exploited, and the malicious code. The test loop needs to run until it is patched, and it runs entirely from the cache. When the exploit runs, it uses the cache flaw to change the first 4 bytes of the cached loop into 4 NOPs. When that change happens, the exploit has succeeded.

The test code released to the public is safe for Intel Core 2 Duo users to try. It only checks whether the cache modification is possible. In a practical scenario, it would be combined with other exploitation code and would change the machine code of the test loop into a jump or a call.
The really scary part is that it is possible to patch code regardless of access rights. If the loop really is changed, this can be made into an effective exploit.

In other words, it’s a partially-obfuscated piece of malware, which claims to demonstrate a zero-day security vulnerability affecting Intel Core 2 Duo and Intel Atom processors, allowing privilege escalation from inside a JavaScript interpreter up to kernel memory. I don’t know whether it actually works, since I’m not brave enough to experiment with it, but it’s likely that it does.

As one developer explains it, the CPU is trying to optimize an infinite loop from the Firefox interpreter, but there is a CPU bug where some address is not aligned properly, which allows them to overwrite other memory.

// the infinite loop will be patched on the fly because of the Intel CPU bug
// addr of the test() func should be aligned by 4Kb boundary,
// 1st dword will be changed to NOP, NOP, NOP, NOP
// it’s possible to change the kernel memory as well,

If this works as advertised, then if you have an affected CPU, it is a zero-day exploit affecting every web browser on every operating system, both desktop and mobile, as long as you have JavaScript enabled. Until a workaround has been found, any site that serves you JavaScript, or any of its advertising networks, could use it to give you malware.

Some hackers claim that this exploit is unreal, while others claim such CPU bugs are nothing new and that a couple of such exploits were discovered long ago.

Are you safe?
Since it affects every single browser and platform running JavaScript, there’s little you can do to prevent it until it’s officially patched on all PCs. One way is to turn off JavaScript, but that’s virtually impossible. A safer way is to go with script blockers that block malicious code and malware.

Second, you should use only the most security-hardened browser, which is Google Chrome; it’s not clear whether Chrome’s hardening will actually help, but it’s likely that it will.
