Last year, Positive Technologies, a Russian security firm, was able to uncover a flaw in Intel’s Management Engine technology that would allow attackers to gain physical access to computers using Intel’s chips. Apple’s computers were some of those impacted by this bug, but the company released patches that fix the issue in macOS High Sierra 10.13.3.
Intel ME Flaw
Intel ME is a microcontroller integrated into the Platform Controller Hub (PCH), which means it has access to all the communications happening between the CPU and external devices and all the data on the computer.
The Positive Technologies researchers found a flaw that allows unsigned code to run on the PCH on any chipset for Skylake-generation chips and newer. The vulnerability could allow attackers to implant spyware into the Intel ME code. Such malware would be invisible to most traditional security tools, as it would be running on its own separate ME processor. It wouldn’t slow down the main CPU, either, which would make it difficult to notice that anything is wrong. Additionally, it would be resistant to both OS and BIOS updates.
Intel identified the following processors as vulnerable to the flaw discovered by the Positive Technologies researchers:
- 6th, 7th & 8th generation Intel Core processor family
- Intel Xeon Processor E3-1200 v5 & v6 product family
- Intel Xeon Processor Scalable family
- Intel Xeon Processor W family
- Intel Atom C3000 processor family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series processors
OEMs Slowly Patching The ME Flaw
Although Intel itself released a fix at the end of November last year, it’s only now that PC vendors such as Apple are starting to patch users’ machines against these flaws. The update model for chip microcode is relatively similar to the Android model: Intel releases the fix, but it can take months for OEMs to fix their devices, and many of the older devices may be forgotten.
If they haven’t fixed the ME flaw yet, other OEMs may now prioritize issuing firmware updates for the more public Meltdown and Spectre flaws, which were revealed last month.
Last year, Intel also released a detection tool that shows whether your computer is still vulnerable to this ME bug. The company additionally made available a list of support pages from various OEMs, where you can check whether a fix has been made available for your PC.