Kaspersky will demonstrate how such an attack can be made in a presentation at the upcoming Hack In The Box (HITB) Security Conference in Kuala Lumpur, Malaysia, during October. The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler.More info at PC World.
"I'm going to show real working code...and make it publicly available," Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.
Different bugs will allow hackers to do different things on the attacked computers. "Some bugs just crash the system, some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections," he said.
The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD, Kaspersky said, adding that the demonstration of an attack against a Mac is also a possibility.
Intel processor errata could allow hackers to take over your system
Posted on Tuesday, July 15 2008 @ 21:11 CEST by Thomas De Maesschalck
Security researcher and author Kris Kaspersky will demonstrate at a Swedish security conference in October how attackers can exploit bugs in Intel's processors to remotely control a computer using JavaScript or TCP/IP packets.