Dutch researchers find major vulnerability in Intel chips

New security flaw in Intel chips could affect millions

A major vulnerability, known as ZombieLoad, has been discovered that affects almost every Intel processor made since 2011.

Comprised of four distinct attacks, ZombieLoad exploits a weakness in a feature called "speculative execution", which is used to help a processor predict what an app or program will need next in order to improve performance.

Technically known as a "data sampling attack", it's far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim's browsing in real-time, or steal sensitive credentials and data. So browser history, user keys, passwords or disk encryption keys would be possible points of interest for a hacker.

ZombieLoad (CVE-2018-12130) is the most risky vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091.

Intel has collectively dubbed the attacks "Microarchitectural Data Sampling" (MDS).

Those who warned that the Meltdown and Spectre computer chip flaws revealed the previous year would trigger a new era of hardware vulnerability discovery were on to something. Intel has already released patches for the more than a half-dozen affected processor families released since 2011, while major hardware makers and software providers are issuing fixes as well.

The fresh security scare was discovered by researchers Michael Schwarz, Moritz Lipp and Daniel Gruss at Graz University of Technology in Austria, as well as Jo Van Bulck from KU Leuven university in Belgium.

"It's kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them", Cristiano Giuffrida, a researcher on the project, told Wired.

Yup, my Intel systems are vulnerable, and yours probably are as well (unless they're very old). "In this short moment between code execution and check, we can with the new attack see the already loaded data from other programs", Gruss explains. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Google says it has opted against trying to mitigate MDS vulnerabilities in Chrome and advises users to use OS-level mitigations. Depending on whether you're talking to Intel or the researchers who discovered the techniques, these exploits apparently range in severity from "low to medium" (Intel) to relatively significant: worse than Spectre but not quite as bad as Meltdown.
