Researchers create a new ÆPIC Leak exploit that affects the last three generations of Intel Core CPUs
ÆPIC Leak receives its name from the Advanced Programmable Interrupt Controller, or APIC, which operates by handling interrupt requests and controlling multiprocessing. Researchers note that the leak is the first processor exploit “able to disclose sensitive data architecturally.” Developers or users can test the vulnerability for themselves as it has become open-sourced by the Graz Institute of Technology for demonstration purposes. Presently, there is no information for the newest patch to assist with eliminating the vulnerability, but it is reported that Intel was notified last December. A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched. To avoid the vulnerability, which uses the CVE tag CVE-2022-21233, users will need to disable APIC MMIO or avoid SGX at this time. News Sources: TechPowerUP, GitHub