For all along, there was a hidden vulnerability in the official system APIs! Due to misinterpretation of Intel’s documentation for the Intel x86-x64 platform. Using this vulnerability, official APIs would allow a hacker to legitimately get into the control of a system. Thankfully, all the infected systems have released a patch for the vulnerability.
The flaw
The vulnerability was due to the wrong implementation of hardware debug mechanism in Intel x86-x64 architectures. To be more precise, it was within MOV SS and POP SS instructions that caused the ruckus.
The working procedure would be too much of a complex topic in this case, but long story short – the vulnerability allowed kernel Ring 0 data available to the OS components running in the Ring 3. Thus, utilizing operating system APIs, a hacker could gain access to the sensitive memory data from the kernel. With such power, it’s possible to control low-level operating system functions and ultimately, take over the system.
This issue has also made its way into different virtualization software like Xen and VMware.
OS vendor coordination for patch
This time, operating systems have made a joint effort in patching up this vulnerability. This led to the release of the patch almost at the same time for every operating system – Windows, Linux (Ubuntu, SUSE Linux, Red Hat, and FreeBSD etc.), and Apple.
This is quite nice to see every vendor coming altogether to solve issues, unlike the jumbled and messed up the process for Meltdown and Spectre mitigation patches.
Reason for the vulnerability
The reason for this vulnerability was because of the improper documentation of Intel. It’s marked as CVE-2018-8897 and fortunately, not exploitable remotely. The attacker needs an already infected system for running the codes for exploiting this flaw.
According to Nick Peterson of Everdox Tech, LLC who identified the flaw blames the incomplete documentation. Peterson and the CERT/CC team also makes it clear that all the OS made the mistake in the same pattern relating to the MOV SS and POP SS instructions.
How to stay secured
In order to stay secure, you have to make sure that your system is up-to-date. You have to update your operating system right now. Moreover, stay safe from any possible malware threats.
