Arm’s Memory Tagging Extensions Need A Helping Hand
Say Hello To Speculative Execution Attacks, Again
We’ve been hearing a lot about speculative execution attacks, though until now it’s generally referred to issues with Intel and AMD processors. Well, it seems Arm can join those two companies out on the very uncomfortable branch after researchers found ways to defeat MTE, which was Arm’s defense against those attacks. Their research contradicts the findings of Google’s Project Zero, which announced that MTE works perfectly at stopping these sort of attacks. You’d better hope Google was right, as these researchers claim to be able to defeat MTE 95% of the time, and do it in less than four seconds.
The code is available on GitHub, via a link from the story at The Register if you want to find out the truth. The flaw is able to define MTE tags via Google Chrome on Android as well as the Linux kernel, once you have those tags you can then attempt to use memory exploits to gain access to the device. This is just a first step in infection, but once you’ve figured out some of the tags on a device there are a number of exploits you can use.
Keep your eye out for more details as Google and Arm investigate.
Researchers affiliated with Seoul National University in South Korea, Samsung Research, and Georgia Institute of Technology in the US have found that they can break MTE through speculative execution.
More Tech News From Around The Web
- QNAP QDA-UMP4A M.2 to U.2 Adapter Shown at Computex 2024 @ ServeTheHome
- Copilot+ PCs launch with Windows 11 24H2; update is still in beta for everyone else @ Ars Technica
- Feds sue Adobe and execs for stinging subscribers with ‘hidden’ cancellation fees @ The Register
- Nearly 20% of Running Microsoft SQL Servers Have Passed End of Support @ Slashdot
- Fake Google Chrome errors trick you into running malicious PowerShell scripts @ Bleeping Computer
- MacBook Air gets hosed, other models hold steady in macOS 15 as Intel support fades @ Ars Technica
- Nvidia Vaults Past Apple and Microsoft To Become World’s Most Valuable Company @ Slashdot
- The Guinness Brewery Invented One Of Science’s Most Important Statistical Tools @ Hackaday
- ELEGOO Mars 4 Ultra 3D Printer Review @ NikKTech
- TT Show Episode 38 – Everything Worth Knowing About Computex 2024
