Researchers discover new security flaws in most Intel processors released since 2011

New security flaw in Intel chips could affect millionsMore

The vulnerabilities were already addressed at the hardware level in recent versions of Intel Core processors, the chip giant said.

ZombieLoad is similar to Meltdown and Spectre, two bugs in 2018 that allowed critical information stored deep inside computer systems to be exposed.

"With a large enough data sample, time or control of the target system's behavior", the flaw could enable attackers to see data thought to be off-limits, Bryan Jorgensen, Intel's senior director of product assurance and security, said in a video statement.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", said the team who discovered the issue.

ZombieLoad (CVE-2018-12130) is the most unsafe vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091. Intel themselves calls the flaws "Microarchitectural Data Sampling" or MDS, a name that substitutes as a well-designed sleeping pill.

"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post.

Pokemon Rumble Rush Adds To Expanding List Of Pokemon Games
Each encounter includes a chance that one or more Pokemon will befriend a player and in turn use those Pokemon in future battles. Coming to mobile devices, Rumble Rush is a free-to-play title that features real-time battles against various Pokemon critters.

Is OnePlus 7 Pro an iPhone, Samsung Killer or Yet Another Pretender?
In overall cool factor too, there is no beating the OnePlus 7 Pro once again thanks to the pop-up selfie camera at the front. The primary camera on both the handsets, however, use the same 48-megapixel sensor that we saw on the Redmi Note 7 Pro.

England's Gareth Southgate chats about his Nations League squad
We are just going to have to play it by ear because he is not going to have had a game prior to that point. But clearly he's a player we'd want to give every opportunity to.

Security researchers have publicly disclosed today a series of potential security vulnerabilities affecting Intel microprocessors, which may allow information disclosure on users' machines.

The discovery of new CPU flaw isn't surprising, given that researchers have continued to pummel modern processors looking for more vulnerabilities (see: Expect More Cybersecurity "Meltdowns").

"It's kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them, "Cristiano Giuffrida, a researcher at Vrije Universiteit Amsterdam who discovered the MDS attack, told Wired". Also, the basic modus operandi is the same too in that it exploits the speculative execution process to leak info.

Whether the ZombieLand vulnerabilities have been exploited in the wild remains unknown. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. Intel also faced questions from lawmakers about why it did not disclose the vulnerability to USA cybersecurity officials before it was made public.

"End users and systems administrators should check with their system manufacturers and system software vendors, and apply any available updates as soon as practical". It said that Android users are not impacted.

Related:

Comments

Latest news

SpaceX postpones launch of 60 Starlink Internet satellites
SpaceX plans to complete its Starlink in 2027 - the full-deployment deadline issued by the Federal Communications Commission. Currently, there are around 4,000 intact spacecraft in Earth's orbit-of which just under 2,000 are still operational.

Another day at the office: Sherpa completes record 23rd Everest climb
Their stamina and familiarity with the mountains quickly made them sought-after guides and porters. This season, almost 1,000 people, including 378 paying climbers, will attempt the summit.

Blac Chyna wanted Rob Kardashian to 'see his worth'
Quick backstory: Chyna claimed her other ex Tyga broke up with her to pursue a relationship with Kylie Jenner . Tyga and Kylie were first romantically linked at the end of 2014.

Congress searching for scapegoats to save Rahul from blame: Narendra Modi
It was Atal Bihari Vajpayee's government which carved out Jharkhand and created a separate Tribal Affairs Ministry", he added. She led a rally of several thousand supporters through the city late on Wednesday.

Mick Jagger dances in new Twitter video six weeks after surgery
The tour will now begin in Chicago with two dates at Soldier Field and end in Miami, where it was originally supposed to start. A new video shows Mick Jagger is back to his groove-busting best just weeks after undergoing heart surgery .

Paulo Dybala's agent confirms Juventus exit plans
Manchester United will have to fight Bayern Munich to land the Argentine superstar. He needs a change", Gustavo Dybala is quoted as telling Futbolemico .

‘No do-overs’: White House will not cooperate with further Trump investigations
Cippillone asked the chairman to narrow the requests and "articulate the legislative objective and legal support". He wrote on Tuesday to say he wouldn't participate in a Wednesday committee hearing on executive privilege.

Victor Vescovo sets new record for deepest manned solo dive
The last challenge will be to reach the bottom of the Molloy Deep in the Arctic Ocean, an expedition planned for August this year. During the deepest dive on April 28, which he undertook alone, Vescovo spent a total of four hours exploring the basin.

Pei dies at 102
Pei and Associates, has built projects across the USA and in more than 30 countries internationally, including two in Australia . Pei's death was confirmed on Thursday by Marc Diamond, a spokesman for the architect's NY firm, Pei Cobb Freed & Partners.

Chelsea Manning back in jail for refusing to cooperate with grand jury
She was released May 9 when the grand jury's term expired, but was issued a second subpoena before the current grand jury. Manning previously served 63 days in the cooler for refusing to talk, 28 of which were in solitary confinement.

Trump tries to tamp down talk of war with Iran
President Trump and Swiss President Ueli Maurer are meeting at the White House on Thursday, as tensions with Iran mount. Also on Friday, Britain's Foreign Office advised against all travel to Iran by British-Iranian dual nationals.

Brooks Koepka continues dominance in golf's majors
It was the first PGA Championship played in May since 1949, moving from August this year in a revamp of the global golf schedule. Only Ben Hogan, Bobby Jones, Jack Nicklaus , Gary Player , Gene Sarazen and Woods have career victories in the Masters , U.S.

Nick Jonas & Priyanka Chopra Engage in PDA at Cannes!
Bella arrived at the Rocketman premiere on May 16 in an ethereal, sheer Dior Haute Couture white ball gown with large spirals of sun ray pleated tulle ruffles.

Four killed in small plane crash close to Dubai airport
Operations were affected between 7.36 pm and 8.22 pm UAE local time, after which flights resumed from the airport. The four-seater DA42 plane, registered in the United Kingdom , was calibrating terrestrial navigation systems.

Boeing finishes software update for grounded airliner
To date, Boeing has flown the 737 MAX with updated software for more than 360 hours on 207 flights, the company said . The next major step is a certification flight with Federal Aviation Administration representatives on board.

Other news