On Thursday, 21 September 2017 07:23:01 UTC+1, Alex wrote: > Replying to this thread to report that somebody DID ACTUALLY find an > exploitable vulnerability in the latest IME 11+, and they will be > sharing nothing less that this UNSIGNED CODE EXECUTION vuln at blackhat > europe 2017. > > Abstract here: > https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 > > Title is pretty scary, but we'll see if it's actually that dangerous... > > -- > Alex
Was going to post the same. 2 Russian researchers that a couple weeks ago found out a way to clean some modules on Intel ME now have found a significative exploit that allows them to actually run code on a piece of hardware with direct access to the network. The scary thing is - it's impossible to detect. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f3a80dc-0bfa-4e07-a5ee-16606b435275%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.