New Intel security flaws could slow some chips by nearly 20%

New security flaw in Intel chips could affect millions

New security flaw in Intel chips could affect millions

Intel past year disclosed that hackers could potentially read sensitive data on its processors, which power most data centers and personal computers, by exploiting a feature called speculative execution, in which the chip tries to guess which computations it will carry out ahead of time in an effort to speed up the chip. In the case of these new bugs, updating everything is the best thing you can do right now.

Four new speculative execution vulnerabilities were discovered by several security researchers in Intel's microprocessor, which could allow local attackers to expose sensitive information when transitioning between kernel and user space.

"The attack does not only work on personal computers but can also be exploited in the cloud". Depending on whether you're talking to Intel or the researchers who discovered the techniques, these exploits apparently range in severity from "low to medium" (Intel) to relatively significant-worse than Spectre but not quite as bad as Meltdown. We have seen no reports of exploits based on ZombieLoad, and the vulnerabilities are reportedly non-trivial to use in an attack. The name ZombieLoad comes from the term "zombie load" which refers to an amount of data that the processor can't understand.

Intel has labelled the new set of vulnerabilities as a form of microarchitectural data sampling (MDS). "However, software may be able to forward this speculative-only data to a side-channel disclosure gadget in a way that potentially allows malicious actors to infer the data".

More news: Google announced compensation to the Pixel Owners for up to $500
More news: Asus ZenFone 6 Hands-on Review: Wild Flip Camera Kills the Notch
More news: Samsung & Verizon Launch the Samsung Galaxy S10 5G in the US

"However, unlike the recent Cisco router vulnerability, and most notably the "2nd flaw" that was making headlines, a patch or patches are available and they will help", said Curry. "For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today".

What that means is that ZombieLoad has been taken care of well and it won't really be easy for just about anyone to exploit the processing loophole.

An alarming proof-of-concept video shows how the exploit can be executed to see which websites a person is viewing in real time. Ultimately, none of that matters in the face of these attacks. "We hear anything that these components exchange".

Intel admitted that the security patches will impact CPU performance by up to 3% on consumer devices and up to 9% on data center machines, but don't let that dissuade you from manually forcing the update.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.