Another round of Intel chip flaws discovered

Another round of Intel chip flaws discovered

But a year ago the processor industry was shaken by news that Spectre and Meltdown could theoretically enable hackers to leapfrog those hardware barriers and steal some of the most securely held data on the computers involved.

Security researchers have revealed the Zombieload Attack to the public.

"Ever since Meltdown/Spectre, if not before, researchers have been going over every micro-architectural enhancement from the past 40 years and assessing them as side-channel targets", said Joe FitzPatrick, an instructor and researcher at SecuringHardware.com, a training site. The vulnerability could let hackers read almost all data flowing through one of Intel's chips, though the company said the attack is hard to carry out and that it has not seen it used outside of labs. They could be used to get passwords or access tokens.

Intel has provided a lookup table in a PDF, listing a huge number of its processors. In a statement to Wired, a Microsoft spokesperson said, "We're aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers".

Firefighters rescue two people dangling from Oklahoma City skyscraper
Video showed the lift - which looks like a large metal basket - hitting the side of the building hard enough to break windows. Macy said firefighters secured the scaffold with ropes as it dangled from a crane, 20-30 feet (6-9 meters) above the roof.

Quake causes tsunami alert
The region is the location of most of Earth's subduction zones, where oceanic plates slide under the lighter continental plates. A magnitude 7.7 quake struck off the coast of Papua New Guinea , the United States Tsunami Warning System reported Wednesday.

Man pleads guilty in mall attack against child
He had two previous convictions for assaults at the mall, both in 2015, and had been banned from the property at one point. Authorities have not released the boy's name and say his family requested privacy.

Intel has released microcode updates to patch the vulnerabilities, but to properly immunise a PC a combination of firmware and software updates is needed and the fixes are expected to impact CPU performance. In a worst case scenario consumers are said to be looking at a 3 per cent performance hit.

If you are interested in how attacks like Zombieload work with the newly revealed hardware vulnerabilities, it sounds similar to the way that Spectre and Meltdown attacks work. "MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel".

Of course, hackers need to have some way to run code on a targeted machine before the MDS vulnerabilities can be exploited so their severity might not be relevant to people who keep their PC under lock and key.

'Even if home users used their browsers to visit a website with an advert or other content with a malware Java programme, the hacker could still steal information, ' the researchers say.

Related Articles