Get App


Associate Partners

you are here: HomeNewsTrends
Last Updated : May 15, 2019 08:14 AM IST | Source:

Cybersecurity firms and researchers uncover new Spectre-like flaw in several Intel chips

If you're thinking of getting Intel's Ivy Bridge, Haswell, Skylake or Kaby Lake processors, consider yourself warned.

Carlsen Martin

A little over a year after the Meltdown and Spectre flaws found in millions of AMD and Intel chips, a group of security firms and researches discovered a new class of side channel vulnerabilities impacting all Intel CPUs. The security flaw titled 'Zombieload' can potentially leak raw data from a system's CPU.

Like Meltdown, Spectre, and Foreshadow that came before, Zombieload exploits vulnerabilities in Intel's current speculative execution process, an optimisation technique the chipmaker adds to its CPUs to improve data processing speeds and performance.

Experts have been pointing out flaws in Intel's speculative execution process for over a year now, exposing ways data can be leaked through CPU buffer zones and data processing operations.

Today, Intel and a team of academic researchers have termed this new form of hackable vulnerability in Intel's chips – previously labelled as Zombieload – as a Microarchitectural Data Sampling (MDS) attack. The MDS issue is a speculative execution side-channel attack that allows an attacker to locally execute code to target the CPU's micro-architectural data structures, which are otherwise protected by Intel's processor architectural mechanisms. This technique could allow a malicious actor to siphon a stream of potentially sensitive data.

In the past, Intel has been quick to resolve, not so much resolve as mitigate, Spectre and Meltdown issues with microcode patches and software tweaks. According to BitDefender, Intel's most recent CPU flaw can be partially resolved with microcode patches. The security firm also claims that it is working with Intel and other partners to add protection at the hypervisor level.

However, BitDefender also notes that, since the issue originates from a design flaw in the hardware, a general fix is impossible. MDS attacks are proven to work on Intel's Ivy Bridge, Haswell, Skylake, and Kaby Lake processors. So, if you're thinking of getting one of those, consider yourself warned. According to researches, Intel processors for desktops, laptops, and cloud servers are all at risk, which comes as terrible news for the entire digital sector at large.
First Published on May 15, 2019 08:14 am
More From
Follow us on
Available On
PCI DSS Compliant