Klar gibt es wie jedes Jahr auf der [Blackhat](https://www.blackhat.com/us-15/briefings.html) Enthüllungen die neu sind. Folgende ist aber, wie ich finde, mal was neues. [THE MEMORY SINKHOLE - UNLEASHING AN X86 DESIGN FLAW ALLOWING UNIVERSAL PRIVILEGE ESCALATION](https://www.blackhat.com/us-15/briefings.html#the-memory-sinkhole-unleashing-an-x86-design-flaw-allowing-universal-privilege-escalation) > Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that's gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we've ever seen, we'll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features, to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor. Best of all, we'll do it with an architectural 0-day built into the silicon itself, directed against a uniquely vulnerable string of code running on every single system. Das ist ein Architektur-Problem, kein Bug in einer Software, den man patchen könnte... [Code](https://github.com/xoreaxeaxeax/sinkhole) [Präsentation](https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf) [Whitepaper](https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf) Aug 07 2015 © https://www.bananas-playground.net 2000 - 2024