Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

TIKTAG ravishes Google Chrome and Linux systems

Some time will pass until there is a permanent solution.

3 min. read

Published onJune 18, 2024

published onJune 18, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

In a world heavily dependent on digital security, an emerging speculative execution attack is called “TIKTAG.” It focuses on ARM’s Memory Tagging Extension (MTE) for leaking data with a success rate of over 95%.

This finding, from a group of researchers in Korea who come from well-known places such as Samsung, Seoul National University, and the Georgia Institute of Technology, has created waves within the tech community.

The attack explicitly affects Google Chrome and Linux systems. It uses speculative execution to bypass the protections provided by MTE, which is designed to identify and stop memory corruption by assigning tags to memory parts.

Memory Tagging Extension (MTE) was created to protect against memory corruption attacks and first appeared in the ARM v8.5-A structure. Yet, the researchers managed to misuse this system by employing two gadgets known as TIKTAG-v1 and TIKTAG-v2.

The result of their attempt showed a leak in MTE memory tags with a high success rate within a short period. Even though this leakage doesn’t directly reveal sensitive information such as passwords or encryption keys, it could let attackers evade the safety characteristic, making it useless for fighting against hidden memory corruption attacks.

The effects of this finding are strong.From November to December 2023, the research results were known to the affected groups, such as ARM and Google. Even though everyone agrees there is a problem, they have not done anything to solve it yet.ARM issued a bulletinstating that while they recognized the seriousness of the situation, it was not viewed as a compromise of the feature.

The Chrome security team admitted problems but chose not to fix vulnerabilities, explaining that the V8 sandbox is not meant to ensure the confidentiality of memory data and MTE tags.

As suggested by the researchers, the proposed mitigations against TIKTAG attacks consist mainly of altering hardware design to stop speculative execution from changing cache states according to tag check results.

Another idea is improving sandboxing mechanisms to reduce the effect of such attacks. However, the industry’s reaction is not clear. There has been no immediate response or action to fix these vulnerabilities.

This finding shows the continuous fight between improving technology and attackers’ persistent attempts to discover new methods to exploit weaknesses. You might want to reconsider if you’ve been considering migrating to Linux,as many have.

As more people start using MTE, tech community members must remain watchful and cooperate in dealing with these fresh dangers so that our digital world remains secure and trustworthy.

More about the topics:ARM processors,Linux

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.

He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.