New Intel security flaw affects CPUs as far back as 2008

Yolanda Curtis
May 18, 2019

On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same "speculative execution" process, which is used to improve CPU performance, that was central to Meltdown and Spectre.

Intel has warned that data centers using certain processor chips could face a performance slow down following a patch to a security flaw dubbed ZombieLoad.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", said the team who discovered the issue.

Intel Corp and a group of security researchers on Tuesday said they had found a new set of security flaws in its processors that will be hard to fix and are related to problems found previous year. Since then, the technique has been used to increase the speed of computers in a manner that is built into CPU hardware, including chips manufactured by Intel, AMD and ARM.

Intel said it discovered the flaw on its own, but credited Bitdefender, several other security firms and academic researchers for notifying the company about the problem. The researchers said the flaws work in cloud environments just like they do on PCs.

It is a side-channel attack on Intel chips, allowing hackers to exploit design flaws rather than injecting malicious code.

Intel has released microcode updates to patch the vulnerabilities, but to properly immunise a PC a combination of firmware and software updates is needed and the fixes are expected to impact CPU performance.

Researchers and Intel have known about this for more than a year and astute users should accept software updates to patch the flaws.

Through this vulnerability, attackers are able to extract sensitive data including browser history, website contents, passwords, and encryption keys.

According to the research paper, disabling hyperthreading might be the only way to completely prevent being at risk of a Zombieload attack.

All users of Intel processors made since 2011 must upgrade.

"We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse", researchers wrote in a summary of the RIDL and Fallout attacks. While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought".

If any updates are available you should download and install them now.

That said, most Mac users have little to worry about.

Other reports by iNewsToday