Another round of Intel chip flaws discovered

Doris Richards
May 18, 2019

Intel has disclosed a fault in its software chips that, if exploited, could allow hackers to access sensitive information directly from processors, TechCrunch writes. One of the new vulnerabilities, dubbed ZombieLoad, can reportedly be triggered even if an application runs inside a virtual machine that isolates it from the underlying server.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", the research paper claimed.

Apple, Google, and Microsoft have already released patches addressing the flaws.

Intel has released microcode update to fix the exploit on vulnerable processors. Depending on whether you're talking to Intel or the researchers who discovered the techniques, these exploits apparently range in severity from "low to medium" (Intel) to relatively significant-worse than Spectre but not quite as bad as Meltdown.

"Spying tools should never be underestimated, as they are constantly being tried and tested in the wild", said Jake Moore, Security Specialist at ESET.

"MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms", Intel says in a technical deep dive. But previous generations of chips will need to be patched, and in some instances that fix could slow the performance of the chip by as much as 19%, Intel said in a post announcing the news.

The security industry meanwhile warned that these Zombieload flaws can be exploited equally by criminal hackers or government agencies.

'Even if home users used their browsers to visit a website with an advert or other content with a malware Java programme, the hacker could still steal information, ' the researchers say.

If you are interested in how attacks like Zombieload work with the newly revealed hardware vulnerabilities, it sounds similar to the way that Spectre and Meltdown attacks work. By exploiting the feature, attackers can snatch data directly from the processor.

Moreover, the current defect probably can enable an enemy to catch on tasks being supervised by an Intel Core or Xeon system's central processing unit (CPU) issued since 2011.

"It's kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them", Cristiano Giuffrida, a researcher on the project, told Wired.

If any updates are available you should download and install them now. It said that Android users are not impacted.

Other reports by Iphone Fresh

Discuss This Article