Michael Verrenkamp <jabjabs@fastmail.com.au> writes:
While details are a little light at the moment, it looks like some of the low-level Intel management systems have been cracked and ready for both local and online exploitation.
The remote exploit vulnerability is bad. Usually, the Intel ME squats like a troll between the CPU and the rest of the world, stopping the user (via lying to the CPU) from having free access to their machine. The remote exploit doesn't help that situation at all; the troll remains blocking the user, but a remote attacker can trick the troll into giving them remote control, *still* without knowledge or authority of the user. Matthew Garrett has a more measured post describing the boundaries of the vulnerability <URL:http://mjg59.dreamwidth.org/48429.html> as currently understood from public information. I didn't read about local exploits of this vulnerability. Does that have any benefit for users wanting to circumvent the ME for gaining better control over their machine?
This is why we need projects like Librecore.
Definitely. This is also why AMD should be avoiding going down the same path with PS <URL:https://libreboot.org/faq.html#amd>. -- \ “It's all in the mind, you know.” —The Goon Show | `\ | _o__) | Ben Finney