New Security Vulnerability Found On Intel Processors Can Lead To Data Theft

New security flaw in Intel chips could affect millions

A newly discovered flaw in Intel processors leaves owners with a stark choice: ignore the problem and risk being comprehensively hacked, or install a software fix which risks slowing down the host computer significantly. Apple, Google, and Microsoft have already released patches to fix ZombieLoad.

Yup, my Intel systems are vulnerable, and yours probably are as well (unless they're very old).

If so, then you'll need to update your computer immediately, after a class of vulnerabilities was discovered that allows attackers to steal data directly from your processor. The new vulnerability is being called "ZombieLoad". A new threefold of attacks are different from and more unsafe than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", said the team who discovered the issue. Using vulnerabilities found within those chips to their advantage, hackers could steal sensitive user data such as your browser history and passwords. As these hardware flaws affect numerous Intel CPUs, you can imagine that all modern Mac computers are affected as well. It is this process that the bug exploits to let data bleed across boundary walls.

Intel expects that consumer devices could see a 3 percent performance decline, while data centers could see as much as a 9 percent impact.

What that means is that ZombieLoad has been taken care of well and it won't really be easy for just about anyone to exploit the processing loophole. In these cases, customers should consider how they utilize SMT for their particular workload (s), guidance from their OS and VMM software providers, and the security threat model for their particular environment.

"Tricking the CPU into revealing protected data could have massive implications to millions of people around the world", he added.

"It's another day and another big headline impacting a technology giant in the cybersecurity industry", said Sam Curry, chief security officer at Cybereason.

Researchers and Intel have known about this for more than a year and astute users should accept software updates to patch the flaws.

Intel told Wired that its own researchers discovered the MDS vulnerabilities previous year. "Or is this a natural occurrence of a security bug as all life cycles can and will produce?" Was security ignored or even an afterthought?

Related News:



Most liked

Spacex Readies for Launch of Falcon 9 Rocket, 60 Starlink Satellites
If the Starlink project works, it would mean abundant, fast internet everywhere on Earth, including in remote parts of Australia. SpaceX plans to complete its Starlink in 2027 - the full-deployment deadline issued by the Federal Communications Commission.

Motorola One Vision ready with 48MP rear, 25MP selfie shooter
The size of the panel is 6.3 inches with a resolution of FHD + ( 2520 x 1080 pixels ) and a pixel density of 432 PPI . This new smartphone has been in the making for quite a while now and could see a wider launch in the next few weeks.

Briefing: US-China trade war could inflate iPhone costs by 3%
Apple could still change its mind on the color lineup, but production on the new units should start within the next few month. In 2018, that region amounted to $51 billion in revenue, nearly a fifth of Apple's total revenue for the year.

Deep sea divers find plastic bags while exploring uncharted waters
The dive was later verified to be 10,972m and Victor became the first person to reach the deepest part of the Pacific Ocean. It's not the first time plastic has been found at the bottom of the sea, but it's a reminder of the scale of the problem .

Skull & Bones Delayed and Won’t Be at E3
A new Watch Dogs game is heavily rumoured for an E3 appearance, as is a return to the Splinter Cell franchise. It also announced it has three triple-A games set to released during Q4 of its current fiscal year.

Is OnePlus 7 Pro an iPhone, Samsung Killer or Yet Another Pretender?
The company too initiated pop-up events in six cities across India including Mumbai, Delhi, Bangalore, Pune and Bengaluru. For selfies, OnePlus 7 Pro comes with a 16-megapixel pop-up camera with Sony IMX471 sensor, an f/2.0 aperture, and EIS.

U.S. pulls staff from Iraq, says Iran gave 'blessing' for tanker attacks
Hunt said he had discussed Iran with US Secretary of State Mike Pompeo last week in London, and again in Brussels on Monday. He added, "We had formerly anticipated that they would carry out these sorts of activities to escalate tension".

Trump has signed an executive order to ban foreign telecoms equipment
Tensions have further escalated between Beijing and Washington over the effective barring of Huawei from the USA market. Officials said that "interim regulations" were expected before final rules were set, but were vague on what that meant.

Taiwan's parliament approves same-sex marriage
The vote came after Taiwan's top court ruled that not allowing same-sex couples to marry violates the constitution. Tsai and the DPP's victory on equal marriage makes Taiwan the first country in Asia to legalise same-sex marriage.

Cardinals' Patrick Peterson Suspended For Violating NFL's PED Policy
The eight-time Pro Bowler was mentioned as a trade target both around the trade deadline last season and during this offseason . Peterson will miss games against the Lions , Ravens , Panthers , Seahawks , Bengals , and Falcons before rejoining the team.

Grumpy Cat Dead - Beloved Internet Famous Cat Dies at 7
Grumpy Cat attends the premiere of Disney's "Cinderella" at the El Capitan Theatre on 1 March 2015 in Hollywood, California. This undated image provided by Lifetime shows the Internet sensation, Grumpy Cat .

Derby County Players Mock Leeds United For Spygate After Elland Road Win
He covers all sport from football, formula one, cricket, rugby, tennis, athletics, mma and wrestling. I'm not gonna lie. "We were able to prepare for this game, we were prepared and we got a result".

U.S. Orders 'Nonemergency' Government Employees To Leave Iraq
Flosdorff said training may well resume in the next days and there was "no concrete threat" at the moment. Netanyahu made his plea Tuesday, during an event marking the one-year anniversary of Israel's U.S.

WhatsApp urges users to upgrade app after report of spyware attack
The company exploited a vulnerability by Whatsapp that allowed third party users to remotely install spyware on targeted phones. The spyware was developed by the Israeli cyber intelligence company NSO Group , the Financial Times reported .

Pop Star Selena Gomez: Social Media Has Been 'Terrible' For My Generation
Just last month, Gomez discussed her use of social media and managing Instagram trolls while on Coach's new podcast series, "Dream It Real".