A team of researchers from several colleges and businesses has revealed a new Intel CPU attack technique that might allow an attacker to get potentially sensitive information. Researchers from Sapienza University of Rome, Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services collaborated on the study.

ÆPICis an (SGX) attack technique connected to the Advanced Programmable Interrupt Controller (APIC). This integrated CPU component handles interrupt acceptance, prioritization, and dispatching to processors. The APIC registers are accessible through a memory-mapped I/O (MMIO) page while in xAPIC mode. An attacker must have administrator or root access to the APIC MMIO in order to carry out a PIC Leak attack. PIC Leak, according to the researchers, poses a serious danger to programs that rely on the Intel Software Guard Extensions (SGX) technology, which is intended to safeguard data from privileged attackers.

The researchers that discovered this attack method were engaged in the discovery of multiple side-channel techniques that impact various CPUs, including the well-known Meltdown and Spectre attacks and their variations. However, unlike Meltdown and Spectre, which are transitory execution threats, AEPIC Leak arises owing to an architectural fault that results in the leaking of sensitive data without the need of a side channel. They called it "the first CPU bug capable of structurally revealing critical info."

Users whose PCs are powered by a recent Intel CPU are likely vulnerable by the vulnerability. At the same time, those who do not utilize SGX are not at risk, according to the researchers. The vulnerability can be avoided by disabling APIC MMIO or avoiding SGX.

AEPICLeak CPU bug affects Intel Core processors from the 10th, 11th, and 12th generations