Intel Patches Flaws In Trusted Execution Tech
An anonymous reader writes “Joanna Rutkowska’s company Invisible Things Lab has issued the results of their research into flaws in Intel’s Trusted Execution Technology (TXT), whose function is to provide a mechanism for safe loading of system software and to protect sensitive files. ITL describes how flaws in TXT can be used to compromise the integrity of a software loaded via an Intel TXT-based loader in a generic way, fully circumventing any protection TXT is supposed to provide. The attack exploits an implementation error in the so-called SINIT Authenticated Code modules and that could potentially allow a malicious attacker to elevate their privileges. Intel has released a patch for the affected chipsets, which include the Q35, GM45, PM45 Express, Q45, and Q43 Express.” Here are ITL’s press release and Intel’s advisory (both PDF).
- Critical XSS Flaws Patched In WordPress and Popular Plug-In
- Facebook “Trusted Contacts” Lets You Pester Friends To Recover Account Access
- US-CERT Discloses Security Flaw In 64-Bit Intel Chips
- Flaws In ZRTPCPP Library, Used In Secure Phone Apps
- ICS-CERT Warns of Serious Flaws In Tridium SCADA Software