How does the software protect?

Software Guard Extensions, abbreviated as SGX, the protection software is designed to provide a fortress to save encryption keys and other sensitive information, even when the operating system or a virtual machine operates maliciously.

This software works by creating trusted execution environments that protect sensitive code and data. It works by monitoring or tampering with anything else on the system.

Pillar of protection

SGX is a cornerstone of the security that many companies provide to users. For instance, servers that handle contact discovery for Signal Messenger rely on SGX to ensure the process is unknown. Running its advanced hashing scheme provides a "normal path for making private contact discovery in SGX without leaking any information to parties that control the machine, even if connected with physical hardware and the memory bus."

The example is purely imaginary. Signal spokesperson Jun Harada wrote in a mail: "Intel sent an alert message for us, and we were able to verify that the CPUs that Signal uses are not impacted by the findings and therefore are not vulnerable to the attack."The key to guaranteeing the security and authenticity of SGX is the creation of so-called "enclaves" or blocks of secure memory. The contents of the enclave are encrypted before exiting the processor and written to RAM. They are only decrypted after they are returned. The task of SGX is to protect the enclave's memory and block access to its contents to anyone but a trusted part of the CPU.

Where does the actual attack reside?

The vulnerability resides in APIC (Advanced Programmable Interrupt Controller) is a mechanism built into many modern CPUs that manages and routes interrupts, which are signals generated by hardware or software that cause the CPU to stop its current task so it can process a higher-priority event. The researchers who discovered the flaw named the vulnerability, and their proof-of-concept exploit ÆPIC Leak.

The bug that makes an ÆPIC Leak possible is an uninitialized memory read, which happens when memory space isn't cleared after the CPU processing has been finished, causing leaked old data that is no longer needed. Unlike previous CPU flaws with names like Spectre, Meltdown, Foreshadow, etc. —which resulted from temporary execution creating side channels that extract private data—ÆPIC Leak is an architectural flaw that resides in the processor.

Years of experiment

Since 2018, researchers have identified at least seven major security holes in SGX, some of which completely undermined the Intel assurances. On Tuesday, a research paper publicly identified a new hole that completely breaks SGX guarantees in most 10th, 11th, and 12th generation Intel CPUs. The chipmaker said it had issued mitigation measures preventing the researchers' experimental exploit from working further.