New Security Vulnerability Found On Intel Processors Can Lead To Data Theft

New security flaw in Intel chips could affect millions

A newly discovered flaw in Intel processors leaves owners with a stark choice: ignore the problem and risk being comprehensively hacked, or install a software fix which risks slowing down the host computer significantly. Apple, Google, and Microsoft have already released patches to fix ZombieLoad.

Yup, my Intel systems are vulnerable, and yours probably are as well (unless they're very old).

If so, then you'll need to update your computer immediately, after a class of vulnerabilities was discovered that allows attackers to steal data directly from your processor. The new vulnerability is being called "ZombieLoad". A new threefold of attacks are different from and more unsafe than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", said the team who discovered the issue. Using vulnerabilities found within those chips to their advantage, hackers could steal sensitive user data such as your browser history and passwords. As these hardware flaws affect numerous Intel CPUs, you can imagine that all modern Mac computers are affected as well. It is this process that the bug exploits to let data bleed across boundary walls.

Intel expects that consumer devices could see a 3 percent performance decline, while data centers could see as much as a 9 percent impact.

What that means is that ZombieLoad has been taken care of well and it won't really be easy for just about anyone to exploit the processing loophole. In these cases, customers should consider how they utilize SMT for their particular workload (s), guidance from their OS and VMM software providers, and the security threat model for their particular environment.

"Tricking the CPU into revealing protected data could have massive implications to millions of people around the world", he added.

"It's another day and another big headline impacting a technology giant in the cybersecurity industry", said Sam Curry, chief security officer at Cybereason.

Researchers and Intel have known about this for more than a year and astute users should accept software updates to patch the flaws.

Intel told Wired that its own researchers discovered the MDS vulnerabilities previous year. "Or is this a natural occurrence of a security bug as all life cycles can and will produce?" Was security ignored or even an afterthought?

Related News:



Most liked

Boss backs how FAA dealt with 737 Max
Acting FAA chief Daniel Elwell told the House aviation subcommittee that his agency "welcomes scrutiny that helps make us better". The pilots did not know the planes were equipped with the anti-stall system and their manuals had no explicit information.

Spacex Readies for Launch of Falcon 9 Rocket, 60 Starlink Satellites
If the Starlink project works, it would mean abundant, fast internet everywhere on Earth, including in remote parts of Australia. SpaceX plans to complete its Starlink in 2027 - the full-deployment deadline issued by the Federal Communications Commission.

Farmer uses pocket knife to amputate leg caught in machinery
When Kurtis Kaser realized his leg was stuck and being pulled into the machine, he knew he had to act quickly. Kaser, who has been a farmer for more than 40 years, is determined to get back to work as soon as he can.

Pokemon Rumble Rush Announced For Smartphones
Nintendo announced this mobile game as " PokeLand " in 2017, but it was quickly forgotten by many as it went under the radar. As a financial journalist Jackson has published stories for CBC Business Online, as well as Buzz Feed and Motherboard.

White House to Congress: No 'Do-Over' of Mueller Probe
The White House doesn't plan to voluntarily acquiesce to House Democrats' sweeping demands for information anytime soon. Pat Cippillone sent the letter Tuesday.

Realme's global launch of X, X Lite; debut in China
Realme X will be looking to maintain an aggressive price point despite offering flagship design and specs. The top-end model with 8GB RAM and 128GB storage will retail for 1,499 Yuan (Rs 15,500 approx) in China.

Briefing: US-China trade war could inflate iPhone costs by 3%
Apple could still change its mind on the color lineup, but production on the new units should start within the next few month. In 2018, that region amounted to $51 billion in revenue, nearly a fifth of Apple's total revenue for the year.

Deep sea divers find plastic bags while exploring uncharted waters
The dive was later verified to be 10,972m and Victor became the first person to reach the deepest part of the Pacific Ocean. It's not the first time plastic has been found at the bottom of the sea, but it's a reminder of the scale of the problem .

U.S. pulls staff from Iraq, says Iran gave 'blessing' for tanker attacks
Hunt said he had discussed Iran with US Secretary of State Mike Pompeo last week in London, and again in Brussels on Monday. He added, "We had formerly anticipated that they would carry out these sorts of activities to escalate tension".

Cardinals' Patrick Peterson Suspended For Violating NFL's PED Policy
The eight-time Pro Bowler was mentioned as a trade target both around the trade deadline last season and during this offseason . Peterson will miss games against the Lions , Ravens , Panthers , Seahawks , Bengals , and Falcons before rejoining the team.

Grumpy Cat Dead - Beloved Internet Famous Cat Dies at 7
Grumpy Cat attends the premiere of Disney's "Cinderella" at the El Capitan Theatre on 1 March 2015 in Hollywood, California. This undated image provided by Lifetime shows the Internet sensation, Grumpy Cat .

Madonna, on Eurovision, says she won't bow 'to suit someone's political agenda'
Palestinian activists have responded, calling Eurovision an "artwashing [of] Israel's brutal oppression of Palestinians". Rebuffing the pressure , Madonna said she would "never stop playing music to suit someone's political agenda".

Realme X gets announced with pop-up selfie cam, costs under $300
For its camera, it comes with a dual rear camera setup with 48MP + 5MP sensors whereas the selfie camera comes with a 16MP sensor. The toned-down version of Realme X comes with a 6.3-inch Full HD+ water drop notch display and a gradient glasstic design finish.

Liverpool's Klopp to put players through 'preseason' ahead of Champions League final
Tottenham Hotspur striker Heung-min Son hopes three-weeks rest will have him in "fire mode" for the Champions League final. It is not a preseason, but it is not going to be a holiday.

PG&E Equipment Sparked Deadly California Wildfire
The cause of the second fire was determined to be vegetation into electrical distribution lines owned and operated by PG&E. PG&E's bankruptcy reorganization plan is due by the end of May, but it has requested an extension until November.