Intel Chip Security Flaw Could Affect Millions

Intel Chip Security Flaw Could Affect Millions

Worst of all, nearly every computer with an Intel chip from 2011 is affected by the vulnerabilities. Intel themselves calls the flaws "Microarchitectural Data Sampling" or MDS, a name that substitutes as a well-designed sleeping pill.

Botezatu said Bitdefender found the flaw because its researchers were increasingly focused on the safety and management of virtual machines, the term for one or more emulated mini-computers that can be spun up inside a larger machine - a key feature of cloud computing. The vulnerability may allow attackers to 'resurrect' critical data processed by the chip - from browser history and passwords to disk encryption keys and other system-level sensitive data. Embarrassingly, mitigations introduced in Intel's latest Coffee Lake Refresh Core i9 processors are said by the researchers to make the system more vulnerable to Fallout compared with older-generation hardware.

Here's a video from researchers showing the ZombieLoad exploit in action.

Zombieload was discovered by a small group of researchers and works by exploiting a CPU to leak data across processes, privilege boundaries and hyperthreads, essentially creating a backdoor. It's a side-channel attack made up of four individual flaws in the Intel chip itself.

More news: Weather good for SpaceX's first Starlink satellite launch Wednesday night
More news: Warriors take 2-0 series lead over Trail Blazers
More news: Wikipedia says it has been blocked in China

Well, Intel has said that data centres are anticipated to be least affected by the fixes demanded.

"This includes the release of updated Intel microprocessor microcode to our customers and partners", the company said.

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle. While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought". "Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see". This can be described as data leakage, which malicious actors can exploit. Intel also faced questions from lawmakers about why it did not disclose the vulnerability to USA cybersecurity officials before it was made public.

Apple has already released the security updates in the latest macOS Mojave 10.14.5 operating system to protect users against these vulnerabilities, but to fully mitigate your Mac computer, you'll need to also disable hyper-threading processing technology and enable an additional CPU instruction, which, unfortunately, leads to 40 percent performance loss. Researchers say it's hard or impossible to tell because, unlike most other kinds of hacking, exploitation of these flaws may not leave any traces.

Related Articles

  • Farmer amputates leg with knife to escape auger

    Farmer amputates leg with knife to escape auger

    With the bone sticking out of his ankle, Kaser crawled about 150 feet to get to a phone, where he was able to call for help. He hope to be able to with a prosthesis to walk again - appropriate conversations, he would run now with his Doctors.
    Restaurant Brands to boost outlets by 54% in 8-10 years

    Restaurant Brands to boost outlets by 54% in 8-10 years

    As of today, Tim Hortons is officially testing out Beyond Meat breakfast items in select stores across Canada. It hopes to roll out the products nationally by the end of the summer, depending on the results of the pilot.
    Pokemon Rumble Rush stealth launches on mobile

    Pokemon Rumble Rush stealth launches on mobile

    Aided by strong Pokémon and a spirit of discovery, journey through uncharted islands that have many Pokémon . Earlier today, the Pokemon Company introduced Pokemon Rumble Rush , a new mobile game created by Umbrella.
  • Nepal climber scales Mount Everest for record 23rd time

    Nepal climber scales Mount Everest for record 23rd time

    Kami Rita started the climb from the Nepal side of the range, which is one of the two routes to get up top, the other being Tibet. Acharya said dozens of climbers are trailing Sherpa with the aim of reaching the summit Wednesday.
    Wrestling - AEW announces deal with TNT

    Wrestling - AEW announces deal with TNT

    In addition, Double or Nothing's hour-long live pre-show will stream on WarnerMedia and AEW's social media channels. The move is one that now puts AEW in prime position to compete with World Wrestling Entertainment.
    Musk to review all of Tesla's expenses in new cost cutting plan

    Musk to review all of Tesla's expenses in new cost cutting plan

    The first of these came in 2016 when Joshua Brown was killed in his Model S after it collided with a semi-trailer truck.
  • Boeing 737 Max operators to meet as regulators mull jet's return

    Boeing 737 Max operators to meet as regulators mull jet's return

    Boeing is now reducing the power of MCAS to tilt the plane down and linking the system to two sensors instead of one. The pilots pressed Boeing officials why the planes were still in the air and why an emergency hadn't been announced.
    Malaysian teen kills herself after Instagram poll

    Malaysian teen kills herself after Instagram poll

    Police officers are reportedly not treating her death as suspicious, but her body has still been taken for an autopsy. It came after her heartbroken dad Ian Russell blamed the social media platform in part for her death .
    Narendra Modi Thinks He Can Run The Country Alone: Rahul Gandhi

    Narendra Modi Thinks He Can Run The Country Alone: Rahul Gandhi

    Targeting the Congress on terrorism, Modi said: "The Congress has promised to end the sedition law but BJP will not allow it". Shah exuded confidence that his party has already crossed the majority mark after sixth phase of Lok Sabha polls.
  • Samsung’s Budget Smartphones Will Reportedly Have Cryptocurrency and Blockchain Features

    Samsung’s Budget Smartphones Will Reportedly Have Cryptocurrency and Blockchain Features

    The Samsung Galaxy A50 has started to receive the first OTA update which brings in some fantastic changes. It also appears that Samsung Electronics are keen to further develop blockchain-based security functions.
    Officers riding in President Trump's motorcade crash on interstate

    Officers riding in President Trump's motorcade crash on interstate

    The Secret Service says four officers were involved, and three of them were taken to a hospital to be treated for minor injuries. Secret Service spokesman Mason Brayman says in an emailed statement that a Westlake police officer also was involved.
    Motorola One Vision smartphone gets official

    Motorola One Vision smartphone gets official

    The Motorola One Vision is priced at €299 (Rs 23,520 approx.) and will be available in Saudi Arabia and Thailand from today. The camera has a feature called Night Vision for incredible shots at night similar to the Pixel's own Night Sight.