Peculiar Side-Channel Attack Threatens Windows, Linux and MacOS

Side-channel attacks are no longer a unique or shocking thing in the realm of cybersecurity. These attacks usually exploit one vulnerability or another within the CPU. However, researchers have recently unveiled details about a unique hardware-agnostic side-channel attack. As reported, this peculiar form of cyber attack threatens major operating systems including Windows and Linux. Though the researchers did not demonstrate it, it will supposedly affect MacOS too.

New Hardware-Agnostic Side-Channel Attack Revealed

Researchers have recently revealed details about their findings regarding a peculiar side-channel attack. What makes it different is its attack strategy, which broadly targets the operating system instead of exploiting a CPU vulnerability. Researchers call it a hardware-agnostic side-channel attack that poses a threat to major operating systems such as Windows and Linux.

As elaborated in their research paper, the team has discovered a new attack strategy that targets a critical feature of any modern computer: the page cache. The operating system page cache occupies an integral part of the memory and holds a software cache. As described by the researchers,

“The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files.”

The researchers have categorized this attack scenario as agnostic to certain hardware configurations. In summary, this particular side-channel attack can cause operating systems to leak information over the network. In specific situations, a potential attacker can also wage remote attacks by exploiting this strategy. This makes the attack plausible in real-world scenarios, allowing an attacker to pilfer huge amounts of data as well as capture keystrokes.

Microsoft And Linux Assure A Fix

The researchers have provided explicit technical details about this hardware-agnostic side-channel attack in their paper. Moreover, they have also recommended some possible mitigation strategies against such attacks. They have also shared their discovery with Microsoft and Linux. They confirm that the vendors are ready to patch the flaw. As they stated,

“In our responsible disclosure, both Microsoft and the Linux security team acknowledged the problem and informed us that they will follow our recommendations with security patches to mitigate our attack.”

For now, the Linux version of this vulnerability has received the CVE ID CVE-2019-5489, which describes the problem in the following words:

“The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.”
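A coarse triage of Linux hosts against the version bound in that CVE text ("through 4.19.13"), given here as an added example that is not code from the researchers or the kernel project. The host names and release strings are constructed, the function names are hypothetical, and an "in-cve-range" verdict means "check the vendor advisory", because distribution kernels can carry backported fixes without changing the upstream version numbers.

```python
import re

# Upper bound taken from the CVE-2019-5489 text quoted above: "through 4.19.13".
CVE_LAST_AFFECTED = (4, 19, 13)

# Leading "major.minor[.patch]" of a `uname -r` style release string.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) for a kernel release string, or None."""
    match = _RELEASE_RE.match(release.strip())
    if not match:
        return None
    # A missing patch component ("4.20") is treated as 0.
    return tuple(int(part) if part is not None else 0 for part in match.groups())


def triage(release):
    """Classify one kernel release string against the CVE's stated range."""
    version = parse_release(release)
    if version is None:
        return "unparseable"          # needs manual review
    if version <= CVE_LAST_AFFECTED:
        return "in-cve-range"         # confirm against vendor backports
    return "above-cve-range"


def triage_inventory(inventory):
    """Map each host to its verdict, hosts needing attention first."""
    order = {"in-cve-range": 0, "unparseable": 1, "above-cve-range": 2}
    verdicts = [(host, triage(release)) for host, release in inventory.items()]
    return sorted(verdicts, key=lambda item: (order[item[1]], item[0]))


# Constructed sample inventory (host name -> output of `uname -r`).
SAMPLE_INVENTORY = {
    "web-01": "4.19.13",
    "web-02": "4.19.14",
    "db-01": "4.9.0-8-amd64",
    "edge-01": "3.10.0-957.el7.x86_64",
    "build-01": "5.4.0-42-generic",
    "lab-01": "mainline-custom",
}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:10s} {SAMPLE_INVENTORY[host]:26s} {verdict}")
```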

Both Microsoft and Linux are working to patch the problem soon.
