Intel announces another security flaw in chips

Ceria Alfonso
May 15, 2019

ZombieLoad was discovered by the same researchers who uncovered the notorious Spectre and Meltdown vulnerabilities in 2017, a finding which shook the computer world's sense of security to its core.

Intel chips released this year contain a fix for the bug.

Each variant of the attack can be used as a gateway into viewing raw data that passes through a processor's cache before it is tossed discarded through the speculative execution process.

"In essence, [MDS] puts a glass to the wall that separates security domains, allowing attackers to listen to the babbling of CPU components", VUSec, one of the firms that discovered the flaws, said in a paper set to be presented next week and seen by Wired. The researchers who published details on the attacks hailed from companies Cyberus, BitDefender Oracle, Qihoo360, along with Belgium's KU Leuven, the University of Adelaide, University of Michigan, Graz University of Technology, the Helmholtz Center for Information Security, Vrije Universiteit Amsterdam and Worcester Polytechnic Institute.

Intel Corp and a group of security researchers on Tuesday said they had found a new set of security flaws in its processors that will be hard to fix and are related to problems found past year. While Intel eventually rolled out stable fixes, though still with measurable performance impacts in many cases, it has since been fighting a string of similar vulnerabilities including Spectre Next Generation, Spectre 4, Spectre 1.1 and 1.2, SpectreRSB, NetSpectre, and more.

More news: NASA Planning to Land First American Woman on the Moon by 2024

However, Intel and the researchers disagree on the severity of the flaw.

Security researchers have revealed the Zombieload Attack to the public. AMD and ARM chips are not affected.

Software vendors, meanwhile, have begun rolling out software mitigations for the new vulnerabilities, including patches from Microsoft released as part of last night's Patch Tuesday Update cycle.

While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants. Savvy users were forced to reconsider the wisdom of cloud computing - even if they patched their own machines, their data was only as safe as the processors the cloud providers used.

Otros informes por

Discuta este artículo