Is this just 0086? Doesn’t include unpatched May’s 0075 for remote exploitation? @mjg59
Attacking #IntelME by @h0t_max & @_markel___ at #BHEU
1. Requires malformed file on SPI flash (needs physical access or bug in BIOS)
2. Bug in early-loaded module, so ME "disabling" by HAP is not a cure
3. Culprit is classic(!) stack overflow
4. Full code exec in ME
Congrats!pic.twitter.com/own7OZCgxg
-
-
-
As I understand it: 0075 plus 0086 gives you remote execution as *AMT*. If it's possible to reflash the BIOS from there then can you escalate that to full ME.
-
Exactly!
End of conversation
New conversation -
-
-
Any word on AMD's equivalent in Ryzen CPUs ?
-
I guess AMD vs. Intel is like Mac vs. PC in the past: barely anybody looks at them because so few people use them.
-
Sure.
End of conversation
New conversation -
-
-
@intel needs real, foreign competition -
you mean like ARM?
-
Tweet unavailable
-
Not to mention the hideous multilevel DRM baked deep into ARMv8. (Though the namecalling was unnecessary.)
-
New conversation -
-
-
Thanks a lot!!!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@Puri_sm looks like new work is incoming!?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thank you!
-
Very nice :) are there any public slides/video/paper ?
End of conversation
New conversation -
-
-
Was it a strcpy?
-
Scratch that. I still want to yell at people to use annex K functions.
End of conversation
New conversation -
-
-
For once I want these vulnerabilities to be exploited in wild. Sure it will create chaos but at least Intel will come to their senses and remove it completely, otherwise they have no incentive to do so...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.