"New TikTag Attack Targets Arm CPU Security Feature"

A team of researchers from Seoul National University, Samsung Research, and the Georgia Institute of Technology revealed a new speculative execution attack called "TikTag" targeting a hardware security feature in Arm CPUs. TikTag enables attackers to bypass protections. The researchers demonstrated the attack on the Memory Tagging Extension (MTE), a security feature introduced with the 8.5-A architecture that detects memory corruption. With TikTag gadgets, attackers could use speculative execution to leak MTE tags from arbitrary memory addresses, allowing them to exploit memory corruption vulnerabilities for arbitrary code execution, privilege escalation, data leakage, and more. The attack method was demonstrated against the Chrome web browser and the Linux kernel, showing how an attacker could circumvent MTE defenses to exploit memory corruption vulnerabilities. This article continues to discuss the new TikTag attack.

SecurityWeek reports "New TikTag Attack Targets Arm CPU Security Feature"

Submitted by grigby1