Date:16/05/19
A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor. That even holds true on cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.
It’s not known whether the attack, dubbed ZombieLoad, has been used by malicious hackers. The flaw was discovered by researchers from Graz University of Technology and was disclosed to Intel. Intel has issued code to patch the flaw, though it has to be implemented by individual manufacturers and then installed by users before everyone is protected.
The flaw affects almost every Intel chip since 2011, according to TechCrunch. Wired reports that Apple and Google have already issued updates, while Microsoft announced the availability of updates today. Attackers have to be able to run code on a machine in order to take advantage of ZombieLoad, so this isn’t a flaw everyone is imminently at risk from.
Intel says that its two most recent generations of Core processors prevent against this type of attack, known as Microarchitectural Data Sampling, at a hardware level. Some sever chips are protected as well. All other processors require software updates, Intel says. “[We] encourage everyone to keep their systems up to date, as its one of the best ways to stay protected,” the company says in a statement.
ZombieLoad is the latest in a string of serious security flaws that take advantage of a process, known as speculative execution, that’s built into most modern processors. The feature allows processors to preemptively execute future commands, offering speed increases. But as researchers first discovered with Spectre and Meltdown, that process leaves some gaping vulnerabilities for attackers to slip through.
Fixing those vulnerabilities has required patching processors in ways that can slightly slow them down. But the fixes don’t cut off the attack vector entirely — speculative execution is an area that researchers expect to keep finding flaws. Spectre and Meltdown were the first two, and another was discovered just months later.
So far, these attacks haven’t had the horrendous effects researchers warned about. There have been a load of patches, but slowdowns have been minor and there’s yet to be a major known attack taking advantage of these flaws. That certainly doesn’t mean those problems will never come, though, and with years of computers filled with threatened chips, it’s likely more attacks will continue to be found.
ZombieLoad attack lets hackers steal data from Intel chips
A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor. That even holds true on cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.It’s not known whether the attack, dubbed ZombieLoad, has been used by malicious hackers. The flaw was discovered by researchers from Graz University of Technology and was disclosed to Intel. Intel has issued code to patch the flaw, though it has to be implemented by individual manufacturers and then installed by users before everyone is protected.
The flaw affects almost every Intel chip since 2011, according to TechCrunch. Wired reports that Apple and Google have already issued updates, while Microsoft announced the availability of updates today. Attackers have to be able to run code on a machine in order to take advantage of ZombieLoad, so this isn’t a flaw everyone is imminently at risk from.
Intel says that its two most recent generations of Core processors prevent against this type of attack, known as Microarchitectural Data Sampling, at a hardware level. Some sever chips are protected as well. All other processors require software updates, Intel says. “[We] encourage everyone to keep their systems up to date, as its one of the best ways to stay protected,” the company says in a statement.
ZombieLoad is the latest in a string of serious security flaws that take advantage of a process, known as speculative execution, that’s built into most modern processors. The feature allows processors to preemptively execute future commands, offering speed increases. But as researchers first discovered with Spectre and Meltdown, that process leaves some gaping vulnerabilities for attackers to slip through.
Fixing those vulnerabilities has required patching processors in ways that can slightly slow them down. But the fixes don’t cut off the attack vector entirely — speculative execution is an area that researchers expect to keep finding flaws. Spectre and Meltdown were the first two, and another was discovered just months later.
So far, these attacks haven’t had the horrendous effects researchers warned about. There have been a load of patches, but slowdowns have been minor and there’s yet to be a major known attack taking advantage of these flaws. That certainly doesn’t mean those problems will never come, though, and with years of computers filled with threatened chips, it’s likely more attacks will continue to be found.
Views: 433
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
