New Spectre-esque security flaw found

New security flaw in Intel chips could affect millions

Security researchers today publicly disclosed a series of potential security vulnerabilities affecting Intel microprocessors, which may allow information disclosure on users' machines.

The researchers called the vulnerabilities 'Zombieload'. Apple, Microsoft and Google have also released security patches, with other companies expected to follow.

In Intel's own words, four processor architecture features (Store buffers, Load ports, Fill buffers, and Uncacheable memory) on processors which utilise speculative execution "may allow an authenticated user to potentially enable information disclosure via a side channel with local access".

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.

Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with the now-public mitigation patches, which pair with Intel's CPU microcode to mitigate this latest set of speculative execution side-channel vulnerabilities.

Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it's important to understand that doing so does not alone provide protection against MDS. "Practical exploitation of MDS is a very complex undertaking."
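To check whether a Linux machine actually has the three pieces discussed above in place (patched kernel, Intel microcode, hyperthreading state), the following added example, which is not from the original article, classifies the status line that patched kernels expose in sysfs. It assumes a kernel that reports MDS status at `/sys/devices/system/cpu/vulnerabilities/mds`; the function name and verdict wording are illustrative.

```shell
#!/bin/sh
# Added example: interpret the MDS status string reported by a patched kernel.
# Assumption: the kernel exposes the file below (absent on unpatched kernels).
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_assess STATUS -> prints "<verdict>: <reason>"
mds_assess() {
    status=$1
    case $status in
        "Not affected"*)
            echo "ok: CPU not affected by MDS"; return 0 ;;
        "Mitigation: Clear CPU buffers"*)
            ;;  # buffers are cleared; SMT state is examined below
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel patch present, but the microcode update it pairs with is not.
            echo "action: kernel patched but microcode update missing"; return 0 ;;
        "Vulnerable"*)
            echo "action: mitigation not active"; return 0 ;;
        *)
            echo "unknown: unrecognised status '$status'"; return 0 ;;
    esac
    # Buffer clearing is active; report whether hyperthreading (SMT) is still on.
    case $status in
        *"SMT vulnerable"*)
            echo "partial: buffers cleared but SMT enabled" ;;
        *"SMT Host state unknown"*)
            echo "partial: buffers cleared in guest, host SMT state unknown" ;;
        *"SMT disabled"*|*"SMT mitigated"*)
            echo "ok: buffers cleared, SMT not exposed" ;;
        *)
            echo "ok: buffers cleared" ;;
    esac
}

# Report on the local machine when the kernel provides the file.
if [ -r "$MDS_SYSFS" ]; then
    mds_assess "$(cat "$MDS_SYSFS")"
else
    echo "unknown: $MDS_SYSFS not present; kernel does not report MDS status"
fi
```

A "partial" verdict corresponds to the hyperthreading trade-off described in this article: buffer clearing is active, but SMT is still enabled.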

As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.

It seems that the researchers chose the name ZombieLoad after a "zombie load", which is an amount of data that the processor can't properly process. The processor manufacturing giant on Tuesday began shipping microcode updates designed to block these vulnerabilities from being exploited by clearing data from CPUs more quickly. Apps are usually only able to see their own data, but this bug reportedly allows that data to flow across those boundary walls.

According to the research paper, disabling hyperthreading might be the only way to completely eliminate the risk of a Zombieload attack. Hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Of course, hackers need to have some way to run code on a targeted machine before the MDS vulnerabilities can be exploited, so their severity might not be relevant to people who keep their PC under lock and key.

"It's another day and another big headline impacting a technology giant in the cybersecurity industry", said Sam Curry, chief security officer at Cybereason.
