The x86 CPU family has been vulnerable to many attacks in recent years, regardless of the company behind it. Although the manufacturers are working for patches, a new exploit is emerging every day. Specter and Meltdown, as you know, affected both AMD and Intel processors. Now affecting 10th generation, 11th generation and 12th generation Intel Core processors A new vulnerability called “ÆPIC Leak” surfaced.
Named after the Advanced Programmable Interrupt Controller (APIC), the leak is claimed to be the first CPU vulnerability that can “architectically disclose sensitive data.” This flaw in Intel-signed processors Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology) and Michael Schwarz (CISPA Helmholtz Center Information Technology) security), researchers such as discovered.
“ÆPIC Leak is the first CPU bug that can expose sensitive data based on architecture. It exploits a vulnerability in recent Intel CPUs to leak data from the processor itself: APIC MMIO incorrectly returns old data from the cache hierarchy on most 10th, 11th and 12th generation Intel CPUs.
Unlike ad hoc execution attacks like Meltdown and Specter, ÆPIC Leak is an architecture-based bug: sensitive data can be exposed directly without relying on any side-channels.
An attacker with privileges (admin or root) is required to access APIC MMIO. Therefore, most systems are safe against ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers will be at risk, so patching is required.”
The vulnerability, labeled CVE-2022-2123, is said to have been reported to Intel in December 2021. In addition, we do not currently know whether the company is working on the exploit in question.