Dutch researchers find major vulnerability in Intel chips

Researchers have uncovered a new flaw in Intel chips

A major vulnerability, known as ZombieLoad, has been discovered that affects almost every Intel processor made since 2011.

Comprised of four distinct attacks, ZombieLoad exploits a weakness in a feature called "speculative execution", which is used to help a processor predict what an app or program will need next in order to improve performance.

Technically known as a "data sampling attack", it's far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim's browsing in real-time, or steal sensitive credentials and data. So browser history, user keys, passwords or disk encryption keys would be possible points of interest for a hacker.

ZombieLoad (CVE-2018-12130) is the most risky vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091.

Intel has collectively dubbed the attacks "Microarchitectural Data Sampling" (MDS).

Those who warned that the Meltdown and Spectre computer chip flaws revealed the previous year would trigger a new era of hardware vulnerability discovery were on to something. Intel has already released patches for the more than a half-dozen affected processor families released since 2011, while major hardware makers and software providers are issuing fixes as well.

The fresh security scare was discovered by researchers Michael Schwarz, Moritz Lipp and Daniel Gruss at Graz University of Technology in Austria, as well as Jo Van Bulck from KU Leuven university in Belgium.

"It's kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them", Cristiano Giuffrida, a researcher on the project, told Wired.

Yup, my Intel systems are vulnerable, and yours probably are as well (unless they're very old). "In this short moment between code execution and check, we can with the new attack see the already loaded data from other programs", Gruss explains. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Google says it has opted against trying to mitigate MDS vulnerabilities in Chrome and advises users to use OS-level mitigations. Depending on whether you're talking to Intel or the researchers who discovered the techniques, these exploits apparently range in severity from "low to medium" (Intel) to relatively significant: worse than Spectre but not quite as bad as Meltdown.
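On Linux, the kernel reports the state of its MDS mitigation in `/sys/devices/system/cpu/vulnerabilities/mds`. The script below is an added example, not part of the original article, that classifies that status string so an admin can confirm the OS-level mitigation is active; the function names and verdict labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS status line.
# The sysfs path and status strings are the kernel's; verdict labels are ours.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints a verdict label for one status line
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU microcode update is missing
            echo needs-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        "Mitigation: "*"SMT vulnerable"*)
            # Buffers are cleared, but sibling hyperthreads can still leak
            echo mitigated-smt-exposed ;;
        "Mitigation: "*"SMT Host state unknown"*)
            # Typical inside a VM: the guest cannot see the host's SMT setting
            echo mitigated-smt-unknown ;;
        "Mitigation: "*)
            echo mitigated ;;
        *)
            echo unknown ;;
    esac
}

# report_mds [FILE] -> prints the verdict; returns 0 only when fully covered
report_mds() {
    file="${1:-$MDS_SYSFS}"
    if [ ! -r "$file" ]; then
        # Kernel predates MDS reporting, or this is not Linux
        echo unknown
        return 2
    fi
    verdict=$(classify_mds "$(cat "$file")")
    echo "$verdict"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the live system when run directly
report_mds || true
```

A `needs-microcode` verdict means the kernel patch is installed but the CPU microcode update from Intel or the hardware vendor is still missing.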
