ÆPIC Leak leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself. Intel released firmware updates to address the flaw.
ÆPIC Leak is said to be the first CPU (central processing unit) bug to architecturally disclose sensitive data, meaning that sensitive data gets directly disclosed without relying on any (noisy) side channel.
“It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy,” the research paper reads.
The research was conducted by researchers from the Sapienza University of Rome, Graz University of Technology, CISPA Helmholtz Center for Information Security, and Amazon Web Services. Pietro Borrello of Sapienza University and Andreas Kogler of Graz University of Technology presented the ÆPIC Leak at the Black Hat USA 2022 conference.
“If your system is affected, our proof-of-concept ÆPIC Leak exploit can read stale data, which may correspond to data previously accessed by the same processor core,” researchers claim.
To conduct the attack, a threat actor needs privileges (administrator or root) to access APIC MMIO. APIC (Advanced Programmable Interrupt Controller) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to processors. The APIC can operate in xAPIC mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page.
“Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX [Software Guard Extensions] to protect data from privileged attackers would be at risk, thus, have to be patched,” the research reads.
Users with a recent Intel CPU are most likely affected, but if they don’t rely on SGX, there’s no need to worry.
Researchers don’t know if this bug has been abused in the wild but say it probably hasn’t.
Intel described the vulnerability as medium and released firmware updates to address it.
More from Cybernews:
Subscribe to our newsletter