Intel processors are vulnerable to another set of major security threats, security experts at two research teams disclosed earlier this week.
According to Ars Technica, the exploits go after Intel’s Software Guard eXtensions (SGX), a set of instructions designed to protect important apps and data.
Called SGAxe, the first of the flaws is an evolution of the CacheOut attack (CVE-2020-0549), uncovered earlier this year, which allows an attacker to retrieve contents from the CPU’s L1 cache.
“By using the extended attack against the Intel-provided and signed architectural SGX enclaves, we retrieve the secret attestation key used for cryptographically proving the genuinity of enclaves over the network, allowing us to pass fake enclaves as genuine,” a group of academics from the University of Michigan said.
Using SGAxe, an attacker could steal legitimate SGX attestation keys from Intel’s quoting enclave in existing SGX machines, meaning they could then impersonate such systems and gain access to target devices.
The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core and determine the enclave’s private keys. The researchers say the CrossTalk vulnerability is another type of microarchitectural data sampling (MDS) attack.
MDS attacks target user data while it is in a “transient” state, as it’s being processed inside the CPU and its many data-caching systems. More specifically, CrossTalk attacks data while it’s being processed by the CPU’s Line Fill Buffer, one of those data-caching systems.
Intel says it has already released fixes and patches that cover some of the damage, but some issues remain a threat, with machines using the company’s 9th generation Coffee Lake Refresh processors particularly at risk.