Intel: Its processors are once again vulnerable to the leakage of sensitive data

A malware could extract data, such as passwords, application content, and encryption keys, from computers and cloud-based servers based on its processors Intel.

ΟIntel processors are once again vulnerable to the leakage of sensitive data. The flaws, revealed by security researchers on Tuesday, May 14, affect processor models built since 2011. Malicious software could extract data, such as passwords, application content, and encryption keys, from computers and cloud-based servers. based on Intel processors.

Usually, a program can only see its own data in the computer memory. However, the vulnerabilities revealed can effectively circumvent the security limits by compromising the processor to leak other program data held by the CPU's internal cache stored in the cache.

These "microarchitecture" vulnerabilities are similar to Meltdown and Specter that emerged last year, which deal with the architecture itself within the CPU. At the heart of the problem is how processors try to predict and pre-receive system files.

On the one hand, this approach greatly increases system performance. However, security researchers have realized that sensitive data can be retrieved and leaked this way. Although Intel has already mitigated Meltdown and Specter, researchers are continuing to uncover new variants of the vulnerabilities.

For example, one of the new flaws revealed is called ZombieLoad, and concerns how the processor cores are prepared to perform many tasks in parallel. Security researchers have discovered that they can export data to a CPU buffer. Whether the data has some value is another matter, but the fact that it may contain browser data, such as passwords and other system-level secrets running in various applications on a computer, is quite worrying.

Another vulnerability, called Reloaded Data Load Data (RIDL), uses a similar approach to steal data from the victim's computer. However, it can do this simply by running some Javascript in the browser to capture some text.

""Our research shows that what closed last year as an emergency infection bug is actually a systemic problem in modern processors and can cause even more problems than we originally thought," the researchers wrote. "If CPUs become so complex that manufacturers can not keep their security under control, then these vulnerabilities will be the new target for attackers.".

At present, the findings that are discovered seem to be still in the academic stage, that is, they have never encountered attacks related to the above defects. The main reason, however, is that hackers can simply use traditional malware to steal data instead of infringing on an Intel processor.

""Exploiting these vulnerabilities outside of the laboratory environment is extremely complex compared to other methods available to attackers," Intel said in a statement. "These issues are classified from low to moderate severity according to industry standards," he added.

In accordance with Wired, both Intel and security researchers seem to doubt the seriousness of the threat. Intel also states that the problem does not appear in the 8th and 9th generation processors that were released this year. For older processors, the company has already issued the corresponding updates. So it's a good idea to make sure you have firmware-based updates enabled on your computer.

"We have published more information on website "We continue to encourage everyone to keep their systems up to date, as it's one of the best ways to stay safe," Intel added.

Η Apple,The Microsoft and Google also announced repair procedures. However, fixes may affect system performance. For maximum security, Microsoft and Apple suggest that their customers consider disabling Hyper-Threading, which could further reduce performance by up to 40%. As for cloud servers, Microsoft, Google and Amazon say they have taken the necessary steps to protect their customers from the threat.

Source