The Nightmare Before Christmas: Security Flaws Inside our Computers

Towards the middle of last year, some researchers at the University of Graz published a paper in which they proposed a new mitigation called KAISER for a software vulnerability associated with something called ASLR.

ASLR – Address Space Layout Randomization – is a widely-used technique for ensuring that malware can’t easily find out where critical data is loaded into a running process, and subsequently exploit this. ASLR is only one defense and it isn’t perfect. Attacks on ASLR have been known for a long time. Consequently, it was surprising that, not long after this, the Linux kernel team, Microsoft, and Apple, all started working on significant patches ostensibly to implement KAISER.

We now know that a small number of privileged insiders had knowledge about a much more serious security vulnerability. Unlike most vulnerabilities, this one was intrinsic to the very hardware on which software runs, specifically, Intel CPUs. Worse, this problem could not be resolved with a simple microcode update. It was intrinsic to the design of the CPU chip itself.

Read more about how an Intel design decision led to one of the biggest vulnerabilities in recent history on DarkReading.

Track the strategic threats to your business with the Threat Brief, delivered to your email daily.

Subscribe Here