Hi,
lopidas wrote:
But the attack relies on being able to escape the virtual machine, if I understand it right.
If I remember right, it was a 2-part thing. First part is to exploit massive security holes in an OS to get CPL=0 access, then use that to install the VM (to prevent rootkit detection).
As a way to prevent this, most firmware has an "enable/disable hardware virtualisation" setting now (so it can be disabled if/when you're not using virtualisation). Sadly, very few systems have an "enable/disable massive security holes in the OS" setting, which would've been preferable.
Cheers,
Brendan