February 2, 2018

Apple fixes security hole in Intel ME discovered by Positive Technologies

Apple has released a security update for macOS High Sierra 10.13.2, macOS Sierra 10.12.6 and OS X El Capitan 10.11.6, that patches a vulnerability in Intel Management Engine found by Positive Technologies experts Mark Ermolov and Maxim Goryachy. Details are available in a security document on the Apple support website.

Intel Management Engine is a microcontroller integrated into the Platform Controller Hub (PCH) with a set of built-in peripherals. Since the PCH is the conduit for almost all communication between the CPU and external devices, Intel ME has access to practically all data on the computer. The researchers found a flaw that allows running unsigned code on the PCH on any chipset for Skylake processors and later. The vulnerability is detailed in a November 20 advisory on the Intel Security Center website. Vulnerable chipsets are used worldwide on an enormous number of devices, from consumer and business laptops to corporate servers.

Maxim Goryachy and Mark Ermolov gave a technical talk about Intel ME security at Black Hat Europe in London in December 2017. The full text of their research is available on the Positive Technologies blog.

The researchers also found that Intel's patch does not rule out the possibility of exploitation of vulnerabilities CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707. An attacker possessing write access to the ME region can always write a vulnerable version of Intel ME firmware to SPI flash (in effect, downgrading Intel ME) in order to exploit the vulnerabilities.

No comments:

Post a Comment