Menu
What's new
By:
Filters Better Search

News TikTag unfixable Arm vulnerability

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DJones said:
Tiktag unfixable arm vulnerability.
Click to expand...

No - just disable the feature for ARMv8.5A - which this is a specific feature...

Arm Memory Tagging Extension: Security Update

Arm is aware of research papers from academics at VUSec Group, Vrije Universiteit Amsterdam, and CompSec Lab, Seoul National University, which demonstrate how speculative probing can potentially be used to determine Arm Memory Tagging Extension (MTE) allocation tags.
developer.arm.com developer.arm.com
 
sfx2000 said:
No - just disable the feature for ARMv8.5A - which this is a specific feature...

Arm Memory Tagging Extension: Security Update

Arm is aware of research papers from academics at VUSec Group, Vrije Universiteit Amsterdam, and CompSec Lab, Seoul National University, which demonstrate how speculative probing can potentially be used to determine Arm Memory Tagging Extension (MTE) allocation tags.
developer.arm.com developer.arm.com
Click to expand...

The title is just quoting the video.
 
jerry6 said:
everything is end of the world these days
Click to expand...
And many security experts are masterclickbaiters. A lot of them publish incomplete, sometimes out of date information, and push it as if they had just discovered the Holy Grail... I remember a few years ago one of them published a long article about a few CVEs present in Asus routers. His article failed to disclose that all mentionned CVEs were already fixed 6+ months ago.

Linus Torvalds had a few choice words about them a few years ago, and I totally agreed with his opinion back then.
 
RMerlin said:
CVEs were already fixed 6+ months ago
Click to expand...

Would you be happier if the information published was current with not yet fixed firmware? I strongly believe most of this information is presented after the issue was fixed, no? Otherwise it won't be just educational, but instructions how to exploit the vulnerability.
 
RMerlin said:
And many security experts are masterclickbaiters. A lot of them publish incomplete, sometimes out of date information, and push it as if they had just discovered the Holy Grail... I remember a few years ago one of them published a long article about a few CVEs present in Asus routers. His article failed to disclose that all mentionned CVEs were already fixed 6+ months ago.
Click to expand...

Correct - and sometimes these "disclosures" are suspect in other ways - I recall a couple of years back on a set of items for the AMD Zen platform that was a bit suspicious and coupled to trading in AMD stock (short sellers)...
 
Tech9 said:
Would you be happier if the information published was current with not yet fixed firmware? I strongly believe most of this information is presented after the issue was fixed, no? Otherwise it won't be just educational, but instructions how to exploit the vulnerability.
Click to expand...
If you publish the information 2 weeks after the issue was fixed and nobody knows yet that it was fixed, then you are doing a service.

If you publish the information 6-12 months after it was fixed and already announced in the changelogs published 12 months ago that it was fixed AND you don't even mention in your article that it was already fixed, generating unnecessary panic, then you are clickbaiting.
 
I agree clickbate is a problem. With this post I just couldn’t be bothered to deep dive into the details, but it was recent enough to post.

Figured the research paper would be sufficient to those that this matters to, and the video would help those with limited background in arm/Linux to understand the problem a little better.
 
You must log in or register to reply here.

Similar threads

PR3MIUM
UEFIcanhazbufferoverflow
Replies
6
Views
991
RMerlin
RMerlin
D
News 'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
Replies
1
Views
568
PR3MIUM
PR3MIUM
D
News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078
Replies
2
Views
2K
Wallace_n_Gromit
Wallace_n_Gromit
PR3MIUM
Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks
Replies
15
Views
1K
sfx2000
sfx2000
sfx2000
News SSID Confusion attack, tracked as CVE-2023-52424
Replies
4
Views
1K
sfx2000
sfx2000

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 901 (members: 14, guests: 887)
Top