Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference
Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running. Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia.
If his proof of concept code consisting of JavaScript or TCP/IP packet attacks on Intel based machines succeeds, given Intel’s dominant market share on the market the potential outbreak could be enormous since as he claims, the PoC is OS independent, namely all operating systems running Intel chips are said to be vulnerable.
In the presentation, Kris will share with the participants the finding of his CPU malware detection research which was funded by Endeavor Security. He will also present to the participants improved POC code and will show how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want.
George Alfs, a spokesman for Intel, said he has not yet seen Kaspersky’s research, nor has he spoken to him about it. Intel has evaluation teams always looking at issues and they will certainly take a look at this one.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.