Year: 2018

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Multiple operating system vendors issued coordinated patches this week to address a common vulnerability across their platforms, which was introduced thanks to widespread misinterpretation of Intel developer documentation.

According to the CERT/CC team, most major players (including Apple, FreeBSD, Microsoft, Red Hat, Ubuntu, VMware and Xen, plus distros based on the Linux kernel) built an uncannily similar privilege escalation flaw into their Intel-based products.

The flaw isn’t remotely exploitable – a bad actor would need to gain local access to the victim’s machine via malware or stolen credentials. But once in, CERT/CC explained that an attacker armed with OS APIs could access sensitive memory information, and also “control low-level OS functions” by gaining elevated access privileges to the kernel level – i.e., hijack the code that controls the PC, Mac or VM.

From there, Microsoft explained, it’s possible to install programs and malware; view, change or delete data; or create new accounts with full user rights.

On the more innocuous end of the threat-level spectrum, the issue can also simply crash the kernel by confusing the system, causing a denial-of-service state.

On the more technical front, the flaw (CVE-2018-8897) resides in the handling of a debug exception on the x86-64 architecture. To be clear, the issue doesn’t exist in the chip itself, but rather in the way developers have built their software stacks to interact with the processor.

As Red Hat explained, modern processors provide debugging infrastructure, used by system designers and application developers to debug their software and monitor events, including memory access (read or write), instruction execution and I/O port access.

“When such an event occurs during program execution, the processor raises a Debug Exception (#DB) to transfer execution control to debugging software,” the company said in its overview of the flaw. “This catches the debug exception and allows a developer to examine program execution state.”

Developers appear to have widely misunderstood the way Intel processors handle that exception, leading to the same issue popping up across the computing landscape.

“The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV to SS and POP to SS,” CERT/CC said.

The CERT/CC team explained the problem in an advisory: “In certain circumstances, after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3.”

Nick Peterson of Everdox Tech, who first uncovered the vulnerability, pointed the finger at what he said was Intel’s lack of clarity in its instruction manual. In a technical brief, he noted, “This is a serious security vulnerability and oversight made by operating system vendors due to unclear and perhaps even incomplete documentation.”

We reached out to Intel and received an official statement:

“The security of our customers and partners is important to us. To help ensure clear communication with the developer community, we are updating our Software Developers Manual (SDM) with clarifying language on the secure use of the POP/MOV-SS instructions. We recommend that system software vendors evaluate their software to confirm their products handle the situations in question. More information is available here.”

Creating secure computing environments obviously takes coordination between the chipmaker, software developers and vendors; however, there are always blind spots. In this case, once the chip is out the door, Intel has no visibility or control over how developers build software to use its silicon.

Report: Apple to sell subscription services via Apple TV app called “TV”

“Apple Inc.’s plan to reinvent cable TV is starting to look a lot like the strategy of its rival Amazon,” Lucas Shaw, Gerry Smith, and Mark Gurman report for Bloomberg. “For the first time, Apple plans to begin selling subscriptions to certain video services directly via its TV app, rather than asking users to subscribe to them through apps individually downloaded from the App Store, according to people familiar with the matter.”

“This would simplify the process and bolster Apple’s TV app on Apple TV, iPhones and iPads, making it a central place for people to find, watch, and buy content,” Shaw, Smith, and Gurman report. “Right now, the TV app aggregates content from other providers, allowing people to locate shows from a wide array of apps and channels like ABC, NBA League Pass and HBO, rather than having to hop between different apps. But then Apple sends customers outside its app to buy access to those channels or watch shows. With the pending change, subscription purchasing would move to the TV app. Apple could eventually move the streaming to its own app, instead of sending users to third parties.”

“Cupertino, California-based Apple plans to roll out this feature in the next year, the people said, asking not to be identified discussing plans that aren’t public,” Shaw, Smith, and Gurman report. “Potential partners described Apple’s efforts with the TV app as the company’s latest experimentation.”

Read more in the full article here.

Apple’s 9.7-Inch iPad (5th Generation) for $80.00 off at Walmart

“If you’re in dire need of a tablet, Walmart has a great deal on Apple’s 9.7-inch iPad (5th Gen), but you’ll probably have to hurry since these deals tend to disappear quite fast,” Cosmin Vasile reports for phoneArena. “Here is your chance to score a cheaper Apple iPad 9.7-inch (5th Gen) slate.”

“First off, it’s worth mentioning the 32GB Wi-Fi Apple iPad (5th Gen) usually sells for $330, but some retailers have it available for $300,” Vasile reports. “Walmart is now selling the 32GB Wi-Fi version of the 9.7-inch iPad (5th Gen) for only $249, which means you could save $80 when you buy.”

Vasile reports, “It’s also worth mentioning that you can get the 9.7-inch iPad (5th Gen) in either silver or gold colors, as the space gray model isn’t on sale.”

Read more in the full article here.

Are you Disabled and can’t pick up your iPhone? Here’s an easier option

Some persons with disabilities may have a hard time grasping objects, depending on the type of disability. One such object may be the iPhone, when trying to bring the device to the user's ear.

The iPhone lets persons answer a call in three ways: normal speaker, AirPods, or speaker phone. This tip shows how to set it up to answer by speaker phone.

1.  Go to SETTINGS > GENERAL > ACCESSIBILITY.

2.  Scroll down to where it says "CALL AUDIO ROUTING."

3.  Select the SPEAKER option.

4.  That's it.

Now, when you answer the phone, it'll go right to the speaker phone.
