The x86 processor family — specifically Intel's 10th Gen through 12th Gen Core CPUs, has seen its fair share of attacks over the last decade with exploits like Spectre and Meltdown, which still plagues the series of processors to this day, as well as rival AMD and their processors. Recently, researchers found that the three Intel Gen Core families were capable of being overrun by a new processor exploit, the ÆPIC Leak.
Researchers create a new ÆPIC Leak exploit that affects the last three generations of Intel Core CPUs
ÆPIC Leak receives its name from the Advanced Programmable Interrupt Controller, or APIC, which operates by handling interrupt requests and controlling multiprocessing. Researchers note that the leak is the first processor exploit "able to disclose sensitive data architecturally."
Pietro Borrello from the Sapienza University of Rome, Andreas Kogler, Daniel Gruss, and Martin Schwarzl of the Graz Institute of Technology, Moritz Lipp of Amazon Web Services, and Michael Schwarz of the CISPA Helmholtz Center for Information Security were the research team that found the new exploit.
ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.
Developers or users can test the vulnerability for themselves as it has become open-sourced by the Graz Institute of Technology for demonstration purposes. Presently, there is no information for the newest patch to assist with eliminating the vulnerability, but it is reported that Intel was notified last December.
To avoid the vulnerability, which uses the CVE tag CVE-2022-21233, users will need to disable APIC MMIO or avoid SGX at this time.