• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

    The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59
  • The Complete 2023 Business Accounting Mastery Bundle for $49

    The Complete 2023 Business Accounting Mastery Bundle for $49
  • Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125

    Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125
  • Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

    Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44
  • VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24

    VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique

Oct 20, 2021 by iHash Leave a Comment

SmashEx Intel CPU Attack

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems.

The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called “SmashEx” that can corrupt private data housed in the enclave and break its integrity.

Automatic GitHub Backups

Introduced with Intel’s Skylake processors, SGX (short for Software Guard eXtensions) allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment (TEE), which is designed to be protected from processes running at higher privilege levels like the operating system. SGX ensures that data is secure even if a computer’s operating system has been tampered with or is under attack.

“For normal functioning, the SGX design allows the OS to interrupt the enclave execution through configurable hardware exceptions at any point,” the researchers outlined. “This feature enables enclave runtimes (e.g., Intel SGX SDK and Microsoft Open Enclave) to support in-enclave exception or signal handling, but it also opens up enclaves to re-entrancy bugs. SmashEx is an attack which exploits enclave SDKs which do not carefully handle re-entrancy in their exceptional handling safely.”

SmashEx Intel CPU Attack
SmashEx Intel CPU Attack

It’s worth noting that an enclave may also have Outside Calls, or OCALLS, which allow enclave functions to call out to the untrusted application and then return to the enclave. But when the enclave is also handling in-enclave exceptions (e.g., timer interrupt or division-by-zero), the vulnerability provides a brief window for a local attacker to hijack the control flow of execution by injecting an asynchronous exception immediately after the enclave is entered.

Armed with this capability, the adversary can then corrupt the in-enclave memory to leak sensitive data such as RSA private keys or execute malicious code.

Since SmashEx affects runtimes that support in-enclave exception handling, the researchers noted that “such OCALL return flow and the exception handling flow should be written with care to ensure that they interleave safely,” and that “when the OCALL return flow is interrupted, the enclave should be in a consistent state for the exception handling flow to progress correctly, and when the exception handling flow completes, the enclave state should also be ready for the enclave to resume.”

Enterprise Password Management

Intel has since released software updates to mitigate this vulnerability with SGX SDK versions 2.13 and 2.14 for Windows and Linux respectively. Microsoft, for its part, addressed the issue (CVE-2021-33767) in its July 2021 Patch Tuesday updates with Open Enclave version 0.17.1 of the SDK. The research team’s findings are expected to be presented next month at the ACM Conference on Computer and Communications Security.

“Asynchronous exception handling is a commodity functionality for real-world applications today, which are increasingly utilizing enclaves,” the researchers said, adding the research highlights “the importance of providing atomicity guarantees at the OS-enclave interface for such exceptions.”

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: attack, break, computer security, CPU, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, hacker news, hacking news, how to hack, information security, intel, network security, ransomware malware, Researchers, SGX, SmashEx, software vulnerability, technique, the hacker news

Special Offers

  • The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

    The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59
  • The Complete 2023 Business Accounting Mastery Bundle for $49

    The Complete 2023 Business Accounting Mastery Bundle for $49
  • Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125

    Universal VR Set Glasses Goggle Bundle for PC Android Phone for iPhone for $125
  • Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

    Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44
  • VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24

    VYSN RockinPods TWS Waterproof Bluetooth Earbuds for $24

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

Dotan Horovits

Is Kubernetes Monitoring Flawed? | Logz.io

Feb 7, 2023 By iHash

New Survey Finds Consumers Give Chatbots a Failing Grade in Customer Experience

Feb 7, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video Vulnerabilities web applications

Latest

The Power of Relationships: Executive Buy-In and Security Culture for Bolstering Resilience

The Power of Relationships: Executive Buy-In and Security Culture for Bolstering Resilience

“Where do we start?” This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives […]

Cisco Secure at Cisco Live EMEA 2023

Cisco Secure at Cisco Live EMEA 2023

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future. The Cisco Secure team is excited to share our expertise to help power the strategies […]

The 2023 Adobe Creative Cloud Beginner to Advance Bundle for $59

Expires November 25, 2122 23:59 PST Buy now and get 97% off Adobe Acrobat Pro DC (Beginner) KEY FEATURES Workplace demand for digital media skills including creating, managing, and integrating PDF documents is on the rise. In this course, students will learn the basics of creating PDF documents and modifying PDFs within Adobe Acrobat DC […]

Implementing AI into Enterprise Search to Make It Smarter

AI has the potential to be a game-changer for businesses that are experiencing a digital transformation, provided that it is correctly applied. While the economy is still struggling to recover, the value of technology like Machine Learning (ML) and Natural Language Processing (NLP) is on the rise. These technologies assist businesses in initiating and accelerating […]

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

Feb 06, 2023Ravie LakshmananCyber Attack / Endpoint Security E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. […]

Scanner Device Detector for GPS Tracker Wireless Listening Device Camera Finder 5 Levels Sensitivity 25H Working Time for $44

Expires January 31, 2123 18:01 PST Buy now and get 61% off PRODUCT SPECS Batteries Required? Yes Power Source Battery Powered Item Dimensions LxWxH 4.1 x 0.97 x 0.58 inches Battery Life 25 Hours function logProductOverviewMetric(metric) { if(typeof window.csa !== ‘undefined’) { var myEvents = csa(“Events”, {producerId: “dppinfo”}); myEvents(“log”, { schemaId: “dppinfo.productOverviewClientSideEvents.1”, eventName: metric }, […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT