New Spectre-esque security flaw found

New security flaw in Intel chips could affect millionsMore

Security researchers have publicly disclosed today a series of potential security vulnerabilities affecting Intel microprocessors, which may allow information disclosure on users' machines.

Apple, Microsoft and Google have also released security patches, with other companies expected to follow. They called the vulnerabilities 'Zombieload'.

In Intel's own words, four processor architecture features (Store buffers, Load ports, Fill buffers, and Uncacheable memory) on processors which utilise speculative execution "may allow an authenticated user to potentially enable information disclosure via a side channel with local access".

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.

A video of the flaw can be found here.

Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it's important to understand that doing so does not alone provide protection against MDS. "Practical exploitation of MDS is a very complex undertaking".

NYC mayor says he'll decide this week on presidential run
Buildings are responsible for almost 70 percent of greenhouse gas emissions in the city, the mayor's office said in a statement. NY has positioned itself as a bulwark against Trump administration attempts to dismantle action to address climate change.

As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.

It seems that the researchers chose to call the flaws ZombieLoad from a "zombie load", which is an amount of data that the processor can't properly process. The processor manufacturing giant on Tuesday began shipping microcode updates created to block these vulnerabilities from being exploited by clearing data from CPUs more quickly. Apps are usually only able to see their own data, but this bug reportedly allows that data to flow across those boundary walls.

According to the research paper, disabling hyperthreading might be the only way to completely prevent being at risk of a Zombieload attack. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Of course, hackers need to have some way to run code on a targeted machine before the MDS vulnerabilities can be exploited so their severity might not be relevant to people who keep their PC under lock and key.

"It's another day and another big headline impacting a technology giant in the cybersecurity industry", said Sam Curry, chief security officer at Cybereason.

Related News:



Most liked

American Airlines Pilots Confronted Boeing About Safety Issues Before Ethiopia Crash
Subcommittee Chairman Rick Larsen, a Washington Democrat, issued a press release Tuesday seeking answers from FAA on the crashes. However, Elwell emphasized that the crashes were the result of a chain of events that also included pilot actions, or inactions.

Pokemon Rumble Rush mobile game coming to iOS and Android
The Pokemon franchise is obtaining a brand-new mobile game, which ought to be launched soon for Android as well as iPhone devices. Each encounter includes a chance that one or more Pokemon will befriend a player and in turn use those Pokemon in future battles.

Cong has fielded 2 batsmen to take blame for poll defeat: Modi
The people of the state had given respect to here by making her the Chief Minister . The people who were responsible for the 1984 tragedy have to be punished.

McLaren unveils lightweight 2020 GT with supercar performance
It might look similar to existing McLarens, but there are new seats that are heated with extra padding and back support. A lightweight aluminum, double-wishbone design gets hydraulic dampers for McLaren's Proactive Damping Control.

Jagger is back! Rolling Stones to play TIAA Bank Field July 19
The operation came after it was announced The Rolling Stones would be cancelling their upcoming gigs due to Mick Jagger's illness. Tickets sold for the original dates will be honoured so fans do won't have to exchange their tickets.

FCC proposes tougher action against robocalls with blocking by default
The FCC's proposal also would allow providers to offer customers an even more aggressive form of blocking than the default option. FCC Chairman Ajit Pai put forward a proposal that would make it legal for phone companies to block unwanted robocalls by default.

Pilot escapes nearly unscathed after N.Y.C. helicopter plunge
Video from SKYFOX showed an overturned helicopter partially submerged in the water along the seawall adjacent to the heliport. The pilot sustained a minor injury to his hand as a result of the landing".

Higher tariffs to hit Apple's iPhone sales
Meanwhile, Apple's most expensive iPhone (the 512GB iPhone XS Max) would cost $200 more - bringing its price tag up to $1,650. The next-generation iPhone XR's color options may have already been revealed, according to a new report .

Taiwan makes history as Asia’s first to endorse gay marriage
Ms Tsai's ruling Democratic Progressive Party (DPP) holds the majority in Parliament, occupying 68 out of 113 seats. The new bill will now go into effect next week and gay couples are already lining up to officially Wednesday .

Cardinals star Patrick Peterson gets 6-game suspension for PEDs
The eight-time Pro Bowler was mentioned as a trade target both around the trade deadline last season and during this offseason . Last month, he deleted all mentions of the Cardinals on his social media pages in another reported rift with team management.

WHO Issues Guide to Cut Risks of Dementia
The agency said its new recommendations could provide the key to delaying or slowing cognitive decline or dementia . Today, around 50 million people globally suffer from dementia and there are almost 10 million new cases every year.

Frank Lampard mocks Leeds fans by singing 'stop crying Frank Lampard' song
Marriott chipped in an 85th minute victor for Derby to see them progress and set up a clash with Aston Villa at Wembley in the final.

Conrad Black: Trump signs full pardon for former media baron
The British peer once ran a media empire that included the UK's Daily Telegraph , the Chicago Sun-Times and the Jerusalem Post . He wrote a column Thursday in Canada's National Post describing how Trump called him and revealed the pardon.

New premium Uber features include ‘Quiet Mode’
Even if you do select the " quiet preferred " option, the driver isn't under any obligation to keep silent during the trip. The features will go live in Columbia and SC on Thursday and will roll out across the United States within few days.

Bitcoin holds above $7000 after hitting nine-month high
Just hours after leaping 25% on Monday with no apparent explanation, the largest digital token added as much as 5.9% on Tuesday. The first digital coin broke $8,000 and touched $8,187 late on Monday before retracing towards $8,8030 by the time of writing.