Breaking News

Synology Unveils DiskStation DS225 Plus New PS5 system update beta previews DualSense wireless controller pairing across multiple devices EnGenius Multi-Gigabit Switch Delivers 2.5G Performance with 90W PoE Viltrox’s AF 90mm F3.5 Lens for the DJI Inspire 3 EnGenius Announces Affordable ECW520 Access Point

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Intel Reveals New Chip Security Flaw

Intel Reveals New Chip Security Flaw

PC components May 15,2019 0

Intel has disclosed Microarchitectural Data Sampling, or MDS, a new set of processor security flaws.

Although both Intel and security researchers who discovered the flaws have never seen exploits in the wild, they’ve been able to create exploits of their own as a proof of concept.

The Intel chipsets released this year include a fix for the flaws, but the flaws impact every Intel microprocessor released since 2011, so previous versions will need to be patched. Those patches are already available, but some, depending on the chipset, could slow performance by as much as 19 percent.

The security researchers who worked with Intel have released their own information about the flaws, and each has created sample exploits to demonstrate the issues. The RIDL and Fallout speculative execution attacks - that's the name the researchers gave to their tests - allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites. The attacks leak data by exploiting the newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, the attacks orchestrated by the researchers can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. The researchers show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use the specific attacks to obtain sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.

Another group of researchers has created an exploit called ZombieLoad.

“The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them,” the ZombieLoad website notes. “While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud.”

Amazon, Apple, Google, Microsoft, and Mozilla have all claimed to have issued fixes for the flaws.

AMD has confirmed that its processors are unaffected by the RIDL and Fallout vulnerabilities.

"...we believe our products are not susceptible to 'Fallout' or 'RIDL' because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so," reads the AMD statement.

Tags: SecurityIntelProcessors
Previous Post
SpaceX To Launch 60 Starlink Satellites For Space Internet Service
Next Post
Microsoft Patches Older Versions of Windows Against Wormable Windows Bug

Related Posts

  • An Intel-HP Collaboration Delivers Next-Gen AI PCs

  • New Intel Xeon 6 CPUs to Maximize GPU-Accelerated AI Performance

  • Intel Unveils New GPUs for AI and Workstations at Computex 2025

  • G.SKILL Releases DDR5 Memory Support List for Intel 200S Boost

  • Intel and its partners release BIOS update for Intel 15th Gen to increase performance

  • Intel-AMD new motherboards announced

  • Intel at CES 2025

  • Intel Launches Arc B-Series Graphics Cards

Latest News

Synology Unveils DiskStation DS225 Plus
Enterprise & IT

Synology Unveils DiskStation DS225 Plus

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices
Gaming

New PS5 system update beta previews DualSense wireless controller pairing across multiple devices

EnGenius Multi-Gigabit Switch Delivers 2.5G Performance with 90W PoE
Enterprise & IT

EnGenius Multi-Gigabit Switch Delivers 2.5G Performance with 90W PoE

Viltrox’s AF 90mm F3.5 Lens for the DJI Inspire 3
Drones

Viltrox’s AF 90mm F3.5 Lens for the DJI Inspire 3

EnGenius Announces Affordable ECW520 Access Point
Enterprise & IT

EnGenius Announces Affordable ECW520 Access Point

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed