Intel announces another security flaw in chips

Share

Security researchers from the Graz University of Technology have found a new flaw in Intel chips which can be used to steal sensitive information directly from the processor. The vulnerability could let hackers read almost all data flowing through one of Intel's chips, though the company said the attack is hard to carry out and that it has not seen it used outside of labs.

Following today's disclosure of the new MDS vulnerabilities affecting Intel CPUs, a slew of new Linux kernel stable releases have been issued. The official reference number for Zombieload is CVE-2019-12130 and the latest Intel microcode update puts protections in place to mitigate the issue. The name ZombieLoad comes from the term "zombie load" which refers to an amount of data that the processor can't understand.

Comprised of four distinct attacks, ZombieLoad exploits a weakness in a feature called "speculative execution", which is used to help a processor predict what an app or program will need next in order to improve performance.

"With a large enough data sample, time or control of the target system's behavior", the flaw could enable attackers to see data thought to be off-limits, Bryan Jorgensen, Intel's senior director of product assurance and security, said in a video statement.

"Arthur" Character Mr. Ratburn Comes Out As Gay & Gets Married
Arthur and his friends are relieved their beloved teacher is not marrying Patty, but they're still embarrassed by Mr. Ratburn and the Special Someone ", fans of the series finally get to see the cake-loving teacher, Mr.

Intel chips released this year contain a fix for the bug. This should prevent data from being read.

And the cloud is also vulnerable.

A ZombieLoad attack would not leave a trace. According to the demonstration, it would even be possible to monitor what someone was doing even if they were using a privacy-focused browser like Tor, in addition to a virtual machine. The researchers said the flaws work in cloud environments just like they do on PCs. While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought".

Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed. For starters, there are easier ways to hack into a computer.

Share