Sunday, 21 July 2019
Latest news
Main » Intel discloses new security flaw in its chips

Intel discloses new security flaw in its chips

18 May 2019

For those of you in need of a memory refresh - Spectre and Meltdown were two flaws which allowed hackers to pull out sensitive data directly from the computer's processor, including passwords.

Intel has warned that data centers using certain processor chips could face a performance slow down following a patch to a security flaw dubbed ZombieLoad.

Intel refers to the vulnerabilities as microarchitectural data sampling, or MDS, which can be exploited by attackers to access data being used not just by applications, but also containers and virtual machines.

The flaws were unearthed by a supergroup of security researchers hailing from places and companies such as Graz University of Technology, Bitdefender and Oracle.

It affects personal computers and laptops, include Apple Macintosh machines, as well as servers and computing resources in clouds such as Amazon Web Services, Microsoft Azure, and Google Cloud, if they are powered by Intel Core or Xeon-branded processors released since 2011. Spectre, which proved more hard to patch even at the software level, also afflicted Intel's competitors, including AMD and ARM, which manufactures chips for smartphones and other internet-of-things devices.

Intel said it's already addressed the problem in its newest chips after working for months with business partners and independent researchers.

To elaborate on the same, ZombieLoad is a side-channel attack that makes it possible for hackers to retrieve the data that the CPU is processing at that point of time.

"However, unlike the recent Cisco router vulnerability, and most notably the "2nd flaw" that was making headlines, a patch or patches are available and they will help", said Curry.

"Ever since Meltdown/Spectre, if not before, researchers have been going over every micro-architectural enhancement from the past 40 years and assessing them as side-channel targets", said Joe FitzPatrick, an instructor and researcher at SecuringHardware.com, a training site.

If you are interested in how attacks like Zombieload work with the newly revealed hardware vulnerabilities, it sounds similar to the way that Spectre and Meltdown attacks work.

What is described as Zombieload, RIDL and Fallout can used to attacks victims.

The leak covered all Intel processors made since 2008 and would have been extremely easy to abuse, the researchers say.

The researchers who discovered the vulnerabilities published this proof-of-concept demonstration showing how an unprivileged attacker - who has the ability to execute code on a system - can reconstruct URLs being visited in Firefox.

Intel discloses new security flaw in its chips