Posted on 01/03/2018 6:43:24 PM PST by markomalley
Hype. The exploitation of the flaws requires hostile user mode code. There are claims being kicked around that the user mode code could include javascript but that is BS. Javascript was never able to accomplish rowhammer and won't accomplish this exploit either because it can't run arbitrary instructions.
However if you click on an exe, designed by a hacker, containing instructions to allow kernel memory to be read from user mode, then you are screwed. But you were screwed when you clicked on the exe because it can do plenty of damage in plain old user mode. So it doesn't really matter.
Yes, though technically that firmware fix closes many other doors as well. It is not just for the IPT flaws mentioned in this article.
Yes, though technically that firmware fix closes many other doors as well. It is not just for the IPT flaws mentioned in this article.
But I should have also mentioned that the virtual server providers like Amazon, MS and others are concerned because their users can run arbitrary code by design. A hostile user of one of their services has the potential to impact the service or other users of the service when they should be isolated. So it is not hype for them.
Bkmk
Thanks, SM.
But Y2K was the problem worth throwing billions of dollars at.
Thanks to ShadowAce for the ping!
[[Bottom line: there are vulnerabilities that are hard-wired into the actual hardware of the computers. This impacts everybody — Apple, Windows, Linux, Android, IOS, everything.]]
The exploits rely on users executing malicious code, right? If the code is windows based (mostly) then how would linux users be affected? (I’m sure some linux codes could be written, but I would think mostly windows code will be written as most people use windows?)
[[And that will take time and will require your hardware to be updated with the new CPU chips.]]
Which —should be— financed by the chipmakers as a recall considering how much money people spent in good faith on processors of a certain speed- only to later find out the speed will be cut by perhaps 30%?
Why WHY did I ever get rid of my Tandy Color Computer??
Motorola 6809 processor is not affected!
[[However if you click on an exe, designed by a hacker, containing instructions to allow kernel memory to be read from user mode, then you are screwed. But you were screwed when you clicked on the exe because it can do plenty of damage in plain old user mode. So it doesn’t really matter.]]
Suppose that did happen, woudl system restore be able to undo the damage? (There is a program called rollbackRX which is a form of system restore on steroids- it works at boot level before the OS loads, so it could rollback a system to before the malicious code was executed)
However, if you have patched or otherwise do not have this new Intel (perhaps AMD and ARM too) vulnerability, then the user mode malware that you accidentally ran will not be able to bypass UAC or otherwise muck with your system. Therefore you can grab the power cord and yank it out of the wall, and the threat is gone because it can't persist. Being able to persist more easily is just one of the threats from the Intel bug. But it requires malicious code to be running first. The bug does not let hackers in, or create a backdoor, or do anything else to make it easier to initially attack your computer. It only makes things easier after the initial attack is successful.
Variant One -- Bounds Check Bypass:
Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.Variant Two -- Branch Target Injection:
Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.Variant Three -- Rogue Data Cache Load
Zero AMD vulnerability due to AMD architecture differences.
I'm not sure what to make of the "near zero risk" for Variant Two.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.