New Spectre-esque security flaw found

Security researchers today publicly disclosed a series of potential security vulnerabilities affecting Intel microprocessors that may allow information disclosure on users' machines.

Apple, Microsoft and Google have also released security patches, with other companies expected to follow. The researchers called the vulnerabilities 'ZombieLoad'.

In Intel's own words, four processor architecture features (Store buffers, Load ports, Fill buffers, and Uncacheable memory) on processors which utilise speculative execution "may allow an authenticated user to potentially enable information disclosure via a side channel with local access".

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.


Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now-public mitigation patches, which pair with Intel's CPU microcode to mitigate this latest set of speculative execution side-channel vulnerabilities. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it's important to understand that doing so does not alone provide protection against MDS. "Practical exploitation of MDS is a very complex undertaking".
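A way to check a Linux host against the points above (kernel patch level, microcode, Hyper-Threading state), as an added example that is not part of the original article. It reads the kernel's MDS status line from sysfs; the function names are illustrative, and the version table is taken from the releases listed above.

```python
import platform
import re
from pathlib import Path

# Stable releases the article lists as carrying the MDS mitigation patches.
# Distribution kernels backport fixes, so this is only a hint for mainline stable.
FIXED_STABLE = {(5, 1): 2, (5, 0): 16, (4, 19): 43, (4, 14): 119, (4, 9): 176}
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

def kernel_has_mds_patches(release):
    """True/False for the series named in the article, None for any other."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    needed = FIXED_STABLE.get((int(m[1]), int(m[2])))
    return None if needed is None else int(m[3] or 0) >= needed

def parse_mds_status(text):
    """Split the kernel's one-line status into mitigation state and SMT state."""
    head, _, smt = (part.strip() for part in text.strip().partition(";"))
    return {
        "affected": head != "Not affected",
        "buffers_cleared": head == "Mitigation: Clear CPU buffers",
        "microcode_missing": "no microcode" in head,
        "smt": smt or None,
    }

def assess(status_text, release):
    """Return human-readable findings; an empty list means nothing to fix."""
    s = parse_mds_status(status_text)
    if not s["affected"]:
        return []
    findings = []
    if s["microcode_missing"]:
        findings.append("kernel mitigation present, CPU microcode update missing")
    elif not s["buffers_cleared"]:
        findings.append("no MDS mitigation active")
    if s["smt"] == "SMT vulnerable":
        findings.append("SMT (Hyper-Threading) enabled and reported vulnerable")
    if kernel_has_mds_patches(release) is False:
        findings.append("kernel predates the fixed release of its stable series")
    return findings

if __name__ == "__main__":
    if MDS_SYSFS.exists():
        print(assess(MDS_SYSFS.read_text(), platform.release()) or "MDS: no findings")
    else:
        print("no mds sysfs entry: this kernel does not report MDS status")
```

The sysfs line is the authoritative signal; the version comparison only helps on hosts running unmodified stable kernels.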


As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.

It seems that the researchers chose the name ZombieLoad after a "zombie load", which is an amount of data that the processor can't properly process. On Tuesday the processor manufacturing giant began shipping microcode updates designed to block these vulnerabilities from being exploited by clearing data from CPUs more quickly. Apps are usually only able to see their own data, but this bug reportedly allows that data to flow across those boundary walls.

According to the research paper, disabling hyperthreading might be the only way to completely eliminate the risk of a ZombieLoad attack. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Of course, hackers need some way to run code on a targeted machine before the MDS vulnerabilities can be exploited, so their severity might not be relevant to people who keep their PC under lock and key.

"It's another day and another big headline impacting a technology giant in the cybersecurity industry", said Sam Curry, chief security officer at Cybereason.
