Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Intel SGX. Show all posts

Novel Downfall Bug is Targeting Intel CPUs to Steal Encryption Keys, and Data

 

Remember those severe Meltdown and Spectre CPU bugs that were discovered nearly five years ago? Intel is once again in hot water due to a severe vulnerability that impacts chips dating back years. 

The vulnerability, dubbed "Downfall," exploits a flaw in the AVX vector extensions of every Intel CPU from Skylake to the most current 12th-generation Alder Lake chips.

Macs using these processors first appeared in late 2015, with the 21.5-inch iMac, and nearly every Intel-based Mac-desktop or laptop-since then has been affected. Apple started employing its own CPUs in 2020, rather than the newer 12th and 13th-generation Intel processors (which aren't affected by the vulnerability anyhow). 

What exactly is Downfall? 

Daniel Moghimi, the researcher who identified the vulnerability, developed a microsite about it and summarises it as follows: 

Downfall attacks exploit a fundamental flaw identified in billions of current CPUs used in personal and cloud systems. This vulnerability, CVE-2022-40982, allows an individual to get access to and steal data from other users that use the same machine.

For example, a malicious app downloaded from an app store might utilise the Downfall attack to steal sensitive information such as passwords, encryption keys, and private data such as banking information, personal emails, and messages.

Similarly, in cloud computing environments, a malevolent customer might exploit the Downfall vulnerability to steal data and passwords from other customers that share the same cloud server. 

Intel was first made aware of the vulnerability last summer, but it has only now been made public to give Intel time to develop a fix. Users would receive updates from their hardware makers in the form of microcode, which Intel has only started to release for its chips to address the problem. 

Which Macs are impacted? 

It's unknown whether Macs are impacted at this time. A chip that is on Intel's list of impacted products is used inside nearly every Mac starting with the Skylake generation (starting in late 2015) that has an Intel CPU inside. Your CPU is almost probably impacted if you own an Intel-based Mac that was produced in 2016 or later (or an iMac that was released in late 2015). 

But Macs are quite distinctive. Custom motherboards and firmware have been used in Intel Macs, and some of them even had the powerful T2 processor. Until we hear from Apple, it's difficult to say for sure if any of this would necessarily stop an attack exploiting the Downfall vulnerability. 

What needs to be done next? Is a fix available? 

There isn't much you can do but wait if you own a Mac built in late 2015 or later; yet, you can be affected. If a processor microcode upgrade is required or further mitigations are required, Apple will release a macOS update. You don't need to be concerned if your Mac is Apple Silicon-based (it has an M1 or M2-based processor). 

Using only software from reputable sources is a smart idea at all times. Compared to the most recent release from a well-known company like Microsoft, Google, or something from the Mac App Store, the tool you downloaded from a website you had never heard of carries a much higher chance of virus.