Joanna Rutkowska, who made a splash when she published the infamous "Blue Pill" rootkit two years ago, unveiled the new exploit in her blog yesterday, complete with a paper describing how it works.
Separately, researcher Loic Duflot presented a paper on the same vulnerability yesterday at the CanSecWest conference. Rutkowska gives Duflot the credit for creating the first exploit of the vulnerability.
In a nutshell, the exploits describe ways in which an attacker might use flaws in Intel's CPU caching technology to access the memory of an Intel-based machine, or to gain remote control of that machine. This is the third vulnerability that Rutkowska's Invisible Things Lab has discovered in the Intel processor in the past 10 months; she presented a paper on weaknesses in the Intel Trusted Execution Technology (TXT) at the Black Hat DC conference last month.
"It seems that the current state of firmware security, even in case of such reputable vendors as Intel, is quite unsatisfying," Rutkowska said in her blog.
Intel has been informed of the vulnerabilities, the researchers said, though it is not clear when patches might be forthcoming.