New to Busy?

// Security NEWS // Intel Victims Of New Critical Vulnerabilities In All Its Processors (+video proof)

1 comment

vijbzabyss
67
6 days agoSteemit3 min read

ZombieLoad attacks allow access to data processed regardless of access privileges. And therefore to extract sensitive information.

intel-prossor-motherboard.jpg
Source

Researchers who discovered the famous Meltdown and Spectre vulnerabilities have just set the scene with "ZombieLoad", a new kind of attack on Intel processors. Similar to the Meltdown flaw, it allows a malicious process to access in real time the data processed by the physical computing core on which it is executed, regardless of privilege levels.

It can thus access data from another process or a virtual machine running on the same hardware. It can even access data from an Intel SGX secure execution area.

For example, the researchers made a video showing the malicious process of recovering navigation data in real time from a person using Tor Browser in a virtual machine.

Technically, this attack is based on a bad design in the management of data loaded in the buffer memory ("load buffer"). It can happen that a data loading causes an error and generates erroneous operations that will be cancelled later ("transient operations"). The ZombieLoad attack makes it possible to leak these provisional data.

You need to update your operating system

According to the researchers, all processors built since 2011 are affected by these vulnerabilities. For Intel, this attack results in four security vulnerabilities that require processor firmware updates to be addressed.

For the most recent models, updates are already available and will, in the clear majority of cases, be deployed by an update of the operating system. Some updates are still under development.

Finally, some older processor models will not be patched. Intel has posted on its website the list of impacted processors.

Apple, Google and Microsoft have already patches that can be installed to be secure. This obviously only applies to Intel-based devices, such as MacBooks, Chromebooks or Windows PCs.

The clear majority of connected smartphones, tablets and watches were not involved. When questioned by TechCrunch, an Intel spokesperson estimates that these patches will reduce the performance of consumer terminals by up to 3%. In data centres, this decrease could be up to 9%.

Stay Informed, Stay Safe

DQmdpsoEfLe5nRg4Q1oKWHNjLdMnAucCYfRou1yF5Yiwrzs.png

DQmNuF3L71zzxAyJB7Lk37yBqjBRo2uafTAudFDLzsoRV5L.gif

Comments

Sort byBest