Researchers from a variety of security firms have discovered yet another security flaw in Intel processors. The flaw enables similar attacks as the Meltdown and Spectre exploits discovered in January of 2018, and affects processors manufactured dating back to 2008. But the good news is, the fix is already in the making.
Unlike Meltdown, which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip’s components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand. – Wired Magazine
The flaw was discovered by a wide variety of University and security research firms, including Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and Cyberus, BitDefender, Qihoo360 and Oracle.
Taking advantage of the same flaw known as “speculative execution,” a series of new attacks using “Microarchitectural Data Sampling” enable hackers to take control of a computer, gaining access of sensitive data. The attacks are known as ZombieLoad, Fallout and RIDL, and can be used to view raw data as it passes through the CPU cache, before it is processed and then discarded through the speculative process.
VUSec, one of the security firms that discovered the flaw, says it’s like “putting a glass up against the wall” of the processor cache and listening as the CPU reads the data. The result is, that if a hacker works quickly, they can gather enough data to discover passwords and keys used to decrypt sensitive data. Here’s a video that shows the exploit in action:
“We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers.” – A Microsoft spokesperson
Intel has stated that the flaw was discovered internally last year and that they have pushed out fixes at both the hardware and software level to fix the security, as have both macOS and Windows with recent updates. That’s very good news. But experts admit that while fixes are in place, it will take some time for computers to be updated, and even then, some won’t update their older systems, leaving them will vulnerable to attack.
So it’s best to set your operating system update to automatic and let it do its thing.Users will also want to visit Intel for an update to it’s processor firmware as well.
No word yet on if this affects AMD users. So be on the lookout for an update as it happens.
Hat Tip – iMore