Security researchers have found new vulnerabilities in Intel chips. The errors affect the vast majority of the processors that the company has released since 2011. Microsoft, Apple and other tech companies are now rolling out security updates to neutralize the four errors found.
The exception is a handful of processors that were unveiled last month, says Silicon Angle. The security researchers claim that the newly found errors have similarities with the Meltdown and Spectre vulnerabilities found in Intel products last year.
Operation
The new exploits allow hackers to steal data from a computer by abusing a mechanism in the processor known as ‘speculative execution’. The function, which was also the cause of Meltdown and Spectre, is used by Intel chips to speed up an application’s performance.
A processor can use speculative execution to guess what calculations a piece of software is going to perform, and perform some of the calculations in advance to save time. If the gamble is not correct, the processor will remove the results. However, hackers can use the newly discovered vulnerabilities to steal the discarded data before it is deleted. The content can then be read.
This data contains all the information generated by the application on a machine, including sensitive data such as passwords.
Cloud Platforms
The exploits are especially dangerous because they allow hackers to move beyond the virtual boundaries between the different programs on a computer. As a result, a piece of malware can theoretically steal data from any application that a user has open, whether it is a browser or a word processor.
Not only end user devices, but also Intel-based data center servers are affected. The exploits can also be a major problem for companies that use cloud platforms such as AWS, where applications often have to share hardware with other users’ workloads. One of the vulnerabilities, ZombieLoad, could even be deployed when an application is running in a virtual machine that isolates it from the underlying server.
However, the exploits seem to be easier to solve than Meltdown and Spectre. Intel has already rolled out patches for about ten processor families that have appeared since 2011. Major hardware manufacturers and software providers are now also releasing solutions. These include Google, Microsoft, Apple and AWS. However, the patches do affect the performance of a device. Consumers can notice a delay of up to 3 percent, servers 8 to 9 percent.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
16 hours ago
