6 comments

[ 3.2 ms ] story [ 21.4 ms ] thread
No, they don't. In order to "exploit" this "bug" you need to be in ring 0. And if you are in ring 0 you own everything anyway. This is clickbait.
It probably can be used to escape virtual machines going from root to ring -2, escaping the hypervisor. It can also modify uefi, making it far more difficult to remove the malware.
That's the idea that probably contributed to this problem: the model says that ring 0 is all powerful. But in a richer model, we might change who has ring 0—we might sell a machine, or get it infected and then want it clean. Root kits that can persist even when a later ring 0 wants them gone? That's surprising. So we learn to enrich our model to say something about time and causality, maybe.