How often is a new exploit discovered that leaves most PCs vulnerable to attack? Practically every day. Most such exploits never go mainstream, however, or are contained at the source before they spread.
But what if a flaw is found deep in the processor design, so that it affects every operating system running on that architecture? And if that isn't alarming enough, what if it can be delivered through any web browser? Exploits for vulnerabilities that are unpatched and previously unknown to the vendor are called zero-day exploits.
Such a zero-day exploit has reportedly been discovered in Intel's Core 2 Duo and Intel Atom processors; it abuses the cache control mechanism in the processor core.
The demo actually consists of two programs: a test loop, which is the target, and the malicious code. The test loop runs until it is patched, and it executes entirely from the cache. When the exploit runs, it uses the cache flaw to overwrite the first four bytes of the cached loop with four NOPs. Since the loop is infinite, the test program only gets past it once that change has landed, which is how it detects that the exploit has succeeded.
The test code that has been released is safe for Core 2 Duo users to try: it only checks whether the cache modification is possible. A practical attack would combine it with other exploitation code and change the machine code of the target loop into a jump or a call rather than into NOPs.
The really scary part is that code can be patched regardless of access rights: the page protections that normally stop a process from writing to its own code, let alone to the kernel's, do not apply. If the loop really can be changed this way, it can be turned into an effective exploit.
As one developer explains it, the CPU tries to optimize an infinite loop from the Firefox interpreter, but a CPU bug in which some address is not aligned properly allows the attacker to overwrite other memory.
// the infinite loop will be patched on the fly because of the Intel CPU bug
// addr of the test() func should be aligned by 4Kb boundary,
// 1st dword will be changed to NOP, NOP, NOP, NOP
// it’s possible to change the kernel memory as well,
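To make the test-loop side of the demo concrete, here is an added example in C. It is not the demo's code (the page does not reproduce it) and it does not reproduce the CPU bug; it shows what the test program is checking and what normally stops that check from succeeding. The byte sequence used for the loop is a constructed x86 sample that is inspected, never executed, so the program runs on any architecture; the function names (`loop_is_patched`, `try_write`, `run_demo`) are this example's own. The page is aligned to the system page size with mmap, mirroring the 4 KB alignment of the demo's test() function, then marked read+execute. A plain store of four NOPs into it is refused by the MMU, and only after the process itself asks for write permission via mprotect does the "patch" land. The alleged cache bug is what would produce the second result without the first step.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample of the test loop (assumption, not the demo's bytes): on x86,
 * EB FE is jmp $ (an infinite loop), the two 90 bytes pad the loop to one dword,
 * and C3 is ret. If the first dword becomes 90 90 90 90 the loop is gone and
 * execution would fall through to the ret, which is how the original demo notices
 * it has been patched. These bytes are only inspected here, never executed. */
static const unsigned char TEST_LOOP[] = { 0xEB, 0xFE, 0x90, 0x90, 0xC3 };
static const unsigned char FOUR_NOPS[4] = { 0x90, 0x90, 0x90, 0x90 };

/* The check the demo performs: has the first dword of the loop become four NOPs? */
int loop_is_patched(const unsigned char *code)
{
    return memcmp(code, FOUR_NOPS, sizeof FOUR_NOPS) == 0;
}

/* Fault trapping so a refused store becomes a return code instead of a crash. */
static sigjmp_buf fault_env;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Copy n bytes into dst. Returns 0 on success, -1 if the MMU refused the store
 * (SIGSEGV/SIGBUS), which is what a read-only or read+execute page produces. */
static int try_write(volatile unsigned char *dst, const unsigned char *src, size_t n)
{
    struct sigaction sa, old_segv, old_bus;
    int rc;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(fault_env, 1) == 0) {
        for (size_t i = 0; i < n; i++)
            dst[i] = src[i];
        rc = 0;
    } else {
        rc = -1;  /* landed here from on_fault: the page protection held */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return rc;
}

struct demo_result {
    int mapped;                  /* 1 if the code page could be set up at all */
    int write_blocked;           /* 1 if the store into the R+X page faulted */
    int patched_after_unprotect; /* 1 if the legitimate mprotect(RW) path worked */
};

/* Page-align the loop, lock it down as code, try the naive patch, then the
 * legitimate one. Nothing here reproduces the CPU bug; it shows the baseline
 * that the bug is claimed to bypass. */
struct demo_result run_demo(void)
{
    struct demo_result r = { 0, 0, 0 };
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page;

    if (pagesz <= 0)
        return r;
    page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return r;
    memcpy(page, TEST_LOOP, sizeof TEST_LOOP);

    /* Some hardened kernels refuse anonymous executable mappings; read-only is
     * enough to make the point, so fall back to it. */
    if (mprotect(page, (size_t)pagesz, PROT_READ | PROT_EXEC) != 0 &&
        mprotect(page, (size_t)pagesz, PROT_READ) != 0) {
        munmap(page, (size_t)pagesz);
        return r;
    }
    r.mapped = 1;

    /* Step 1: store four NOPs over the loop without permission. Expected: fault. */
    r.write_blocked = (try_write(page, FOUR_NOPS, 4) == -1) && !loop_is_patched(page);

    /* Step 2: the legitimate route, which requires asking for write permission. */
    if (mprotect(page, (size_t)pagesz, PROT_READ | PROT_WRITE) == 0)
        r.patched_after_unprotect = (try_write(page, FOUR_NOPS, 4) == 0) && loop_is_patched(page);

    munmap(page, (size_t)pagesz);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("page mapped: %d\nstore into R+X page blocked: %d\npatched after mprotect(RW): %d\n",
           r.mapped, r.write_blocked, r.patched_after_unprotect);
    return 0;
}
```

On a normal Linux machine the first store faults and the second succeeds. A real test harness for the reported bug would instead execute the loop and simply wait: if the process ever returns from the infinite loop without having called mprotect itself, something other than the MMU rewrote its code.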
Some hackers claim that this exploit is not real, while others say that CPU bugs of this kind are nothing new and that a couple of similar exploits were discovered long ago.
Are you safe?
Second, use a browser with strong process sandboxing, such as Google Chrome, which is among the most security-hardened browsers available. It is not clear whether Chrome's hardening helps here: a sandbox limits what a compromised renderer can reach, but it cannot stop a hardware flaw that ignores page protections. It is still likely to raise the bar for delivering such an exploit through the browser.