This Week in Security: Zen Jailbreak, Telegram Exploit, and VMware Hyperjack
2 min read
Summary
Google has released more information on the AMD Zen microcode issue, which was first covered a month ago.
The bug revolves around the verification of microcode updates for AMD’s Zen processor family.
Microcode is the firmware that controls the emulation of X86-64 processors; it needs to be signed to guarantee the security of modern computing.
AMD has a straightforward system for signing and verifying microcode patches, which involves a 2048-bit RSA public key and signature.
The hashing algorithm used is the AES Cipher Message Authentication Code (AES-CMAC) hash algorithm, but the key was extractable and was a NIST example key.
The AES-CMAC collision only generates a public RSA key, but an attacker can use this to produce the private key needed to sign these microcode updates by using a public key that is the product of more than two primes and is thus relatively easy to factor.
The Telegram app has a problem deciding what to do with a .htm file sent as a video using the telegram API, which can be used to trick an unsuspecting user into downloading a fake video player APK, potentially leading to device compromise. This vulnerability is still unpatched.
