This story was originally published on HackerNoon at: https://hackernoon.com/attested-tls-was-supposed-to-be-the-last-trust-boundary-it-isnt-formal-methods-show-how.
Formal methods researchers at TU Dresden found a relay attack in attested TLS. It hits Meta, Cocos AI, Edgeless Systems, and three IETF drafts.
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity.
You can also check exclusive content about #cybersecurity, #cyber-threats, #confidential-computing, #cve, #open-source, #ietf, #ai-cyber-security, #hackernoon-top-story, and more.
This story was written by: @salkimmich. Learn more about this writer by checking @salkimmich's about page,
and for more stories, please visit hackernoon.com.
A relay attack breaks attested TLS, the mechanism confidential computing uses to prove a secure cloud enclave is genuine. Formal verification found it in Meta's WhatsApp privacy system, Edgeless Systems' Contrast, Cocos AI, and three IETF draft standards, none of which a prior manual security audit caught. It's tracked as CVE-2026-33697 (CVSS 7.5), with three more related CVEs near 9.1 still in disclosure.