Jurgita Lapienytė Deputy Chief Editor Updated on: 11 August 2022

amazon

Image by Shutterstock

ÆPIC Leak leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself. Intel released firmware updates to address the flaw.

ÆPIC Leak is said to be the first CPU (central processing unit) bug to architecturally disclose sensitive data, meaning that sensitive data gets directly disclosed without relying on any (noisy) side channel.

“It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy,” the research paper reads.

The research was conducted by researchers from the Sapienza University of Rome, Graz University of Technology, CISPA Helmholtz Center for Information Security, and Amazon Web Services. Pietro Borrello of Sapienza University and Andreas Kogler of Graz University of Technology presented the ÆPIC Leak at the Black Hat USA 2022 conference.

“If your system is affected, our proof-of-concept ÆPIC Leak exploit can read stale data, which may correspond to data previously accessed by the same processor core,” researchers claim.

To conduct the attack, a threat actor needs privileges (administrator or root) to access APIC MMIO. APIC (Advanced Programmable Interrupt Controller) is an integrated CPU component responsible for accepting, prioritizing, and dispatching interrupts to processors. The APIC can operate in xAPIC mode, in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page.

“Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX [Software Guard Extensions] to protect data from privileged attackers would be at risk, thus, have to be patched,” the research reads.

Users with a recent Intel CPU are most likely affected, but if they don’t rely on SGX, there’s no need to worry.

Researchers don’t know if this bug has been abused in the wild but say it probably hasn’t.

Intel described the vulnerability as medium and released firmware updates to address it.

TECH NEWS RELATED

CORSAIR K100 AIR Wireless Mechanical Gaming Keyboard Now Available

CORSAIR today announced the availability of the CORSAIR K100 AIR Wireless Mechanical Gaming Keyboard from the CORSAIR webstore and distributors worldwide. Priced at an MSRP of US$279.99, the K100 AIR combines state-of-the-art gaming performance and everyday productivity, in an unbelievably thin design.The CORSAIR K100 AIR is CORSAIR’s thinnest gaming keyboard, ...

View more: CORSAIR K100 AIR Wireless Mechanical Gaming Keyboard Now Available

What is multi-factor authentication, and how should I be using it?

Data breaches are becoming commonplace in both small and big tech companies. The most recent victim was Australian telecommunications company Optus, resulting in unauthorised access to the identity data of roughly 10 million people. Adding to the misery of the victims, this cyber-attack further unleashed a plethora of subsequent phishing ...

View more: What is multi-factor authentication, and how should I be using it?

WWE Extreme Rules 2022: Match Card, Start Time, How To Watch, And Predictions

Here's everything you need to know about the upcoming WWE event on October 8.

View more: WWE Extreme Rules 2022: Match Card, Start Time, How To Watch, And Predictions

Hisense U8H review: Punching way above its class

The budget TV world has never looked brighter. Along with TCL, Hisense has been building high-end, technologically advanced TVs that offer all but the most cutting edge features for less than $1,000. It’s been highly competitive for a few years now — and that’s a good thing for those ...

View more: Hisense U8H review: Punching way above its class

Save up to 25 percent on Samsung TVs through Amazon

Samsung is having a banger of a sale on Amazon Canada. If you’re looking for a great deal on various sizes of TVs, which will help put upwards of 25 percent. Samsung 43″ 4K Ultra HD HDR Smart TV for $448 (save 5%) Samsung 65-inch QLED 4K UHD HDR ...

View more: Save up to 25 percent on Samsung TVs through Amazon

2023 Lexus IS Overview: Available AWD, F Sport Handling Package, Special Appearance Package & More

The 2023 Lexus IS sport-luxury sedan is now inching closer to the sportier side of the equation with the new Lexus Driving Signature philosophy. Introduced in 2021 with the heavily re-engineered IS, the existing third-generation variant also got an IS 500 model with a naturally-aspirated V8 engine in 2022. ...

View more: 2023 Lexus IS Overview: Available AWD, F Sport Handling Package, Special Appearance Package & More

2D Multiplayer Game 'Killer Queen Black' To Shut Down Next Month

"This is not something that was planned or foreseen"

View more: 2D Multiplayer Game 'Killer Queen Black' To Shut Down Next Month

Dead Space Preorders Discounted For Xbox Game Pass Ultimate Members

If you’re an EA Play or Xbox Game Pass Ultimate member, you can save 10% on the upcoming title.

View more: Dead Space Preorders Discounted For Xbox Game Pass Ultimate Members

Review: Incase's Lanyard Pairs Well With AirPods Pro 2, But is Comparatively Expensive

Disney+ relaunches on PlayStation 5 with 4K HDR support

Add 1TB To Your PS5 Storage For Just $100

Dead Space: Here's What Comes in Each Edition

Lost Ark Will Receive Two New Classes And Four New Raids Before The End Of 2022

Matter smart home standard finalized as Apple readies iOS 16.1 support

Random: SpongeBob SquarePants: The Cosmic Shake's $250 'BFF Edition' Includes Inflatable Patrick

OnePlus Nord Watch Launched in India: Everything You Need To Know

Daily Deal: Samsung’s dual wireless charger available at a great price

Rivian produces over 7,000 vehicles in third quarter, maintains 25,000 target

Amazon Prime Early Access Sale October 2022 - When Is It And What Deals Can We Expect?

Today in Apple history: Siri debuts on iPhone 4s

OTHER TECH NEWS

Top Car News Car News