https://downfall.page/

Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.

hoooooo boyyyyy

I don’t understand the attack well enough to understand if it’s really practical to exploit from one vm into another, but boy that sounds really, really bad.

Of course “a malicious app obtained from an app store […]” is not really surprising since I just always assume there are privilege escalation zero days out there at all times…
