Arm hid a critical flaw in its most widely used processors for a year

Published on June 10, 2026 | Translated from Spanish

A security vulnerability in Arm Cortex-X925, Neoverse V3, and older processors allows an attacker to escalate privileges and access protected system data. The company has known about the flaw for twelve months but delayed its disclosure to avoid disrupting chip production. The patch is ready, but millions of devices in circulation will never receive it.

The flaw affects the cache memory and allows bypassing the kernel 🛡️

The vulnerability, identified as CVE-2024-XXXX, exploits a weakness in the memory management system of the branch prediction units. A local attacker with limited access can execute malicious code that corrupts the L2 cache and accesses restricted kernel memory regions. Arm recommends updating the firmware, but manufacturers of mid-range and low-end mobile devices rarely distribute security patches beyond two years. Neoverse chips, used in servers, will receive the fix.

Your new phone was already obsolete at birth, but don't worry 😅

The good news is that you can still look at memes and use TikTok without anyone stealing your data. The bad news is that if a cybercriminal finds out your shiny new handset has an unpatched Cortex chip, they can read your passwords while you have a coffee. But hey, Arm already sold the designs, manufacturers already got paid, and you already paid. The important thing is that production didn't stop. Security, well, that can be looked at later.