CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 15th, 2008

Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference

Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running. Kris Kaspersky, author of numerous books on reverse engineering and software engineering, will be presenting his research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia.

If his proof of concept code consisting of JavaScript or TCP/IP packet attacks on Intel based machines succeeds, given Intel’s dominant market share on the market the potential outbreak could be enormous since as he claims, the PoC is OS independent, namely all operating systems running Intel chips are said to be vulnerable.

In the presentation, Kris will share with the participants the finding of his CPU malware detection research which was funded by Endeavor Security. He will also present to the participants improved POC code and will show how it’s possible to make an attack via JavaScript code or just TCP/IP packets storms against Intel based machine. Some of the bugs that will be shown are exploitable via common instruction sequences and by knowing the mechanics behind certain JIT Java-compilers, attackers can force the compiler to do what they want.

George Alfs, a spokesman for Intel, said he has not yet seen Kaspersky’s research, nor has he spoken to him about it. Intel has evaluation teams always looking at issues and they will certainly take a look at this one.

Share this item with others:

More on CyberInsecure:
  • Intel Patches Critical Security Bug In vPro Processors
  • Intel Website Hacked, Personal Data Exposed Through SQL Injection
  • Intel Update For BIOS Protects From Privilege Escalation Vulnerability Discovered By Rutkowska
  • Remote-Execution Vulnerability In Adobe Flash 9.0.124.0
  • 68 Fixes In Apple Update 10.5.3 and Apple Security Update 2008-003

    • Posted in Hardware, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Tuesday, July 15th, 2008 at 6:37 am and is filed under Hardware, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Remote Code Execution Through Intel CPU Vulnerability Will Be Presented In Hack In The Box Security Conference

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »