Researchers discover new security flaws in most Intel processors released since 2011
Microsoft Corp., Apple Inc. and other tech companies are rolling out security updates for their products to neutralize four newly disclosed vulnerabilities in Intel Corp. chips.
The flaws, which were made public today, affect the vast majority of the processors that the company has released since 2011. The exception is a handful of models that launched last month. According to the security researchers who mapped out the flaws, they share similarities with the notorious Meltdown and Spectre vulnerabilities that were discovered in Intel’s products last year.
The new exploits enable hackers to steal data from a computer by abusing a processor mechanism known as speculative execution. This feature, which was also the cause of Meltdown and Spectre, is used by Intel chips to speed up application performance. A processor can use speculative execution to guess what computations a piece of software is about to carry out and perform some of the calculations in advance to save time.
In cases when a guess is incorrect, the processor throws out the results. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it’s deleted and read the contents. This data contains all the information generated by the applications on a machine, including sensitive records such as passwords.
What makes the exploits especially dangerous is that they allow hackers to bypass the virtual barriers separating the different programs on a computer. As a result, a piece of malware could theoretically steal data from every application that a user has running, be it a browser or a word processor. And Intel-based data center servers are affected too.
The exploits could be an especially big concern for companies using cloud platforms such as Amazon Web Services, where applications often have to share hardware with workloads from other users. One of the new vulnerabilities, dubbed ZombieLoad, can reportedly be triggered even if an application runs inside a virtual machine that isolates it from the underlying server.
The good news is that the exploits seem to have an easier fix than Meltdown and Spectre. Intel has already released patches for the more than a half-dozen affected processor families released since 2011, while major hardware makers and software providers are issuing fixes as well. Microsoft, Apple, Google LLC and Amazon Web Services are among the companies that have updated their products so far.
The patches will take a toll on affected devices’ performance. Intel said that consumers can expect an up to 3% slowdown after they install the fix, while servers will take a 8% to 9% hit to processing speed on the high end.
Photo: Intel
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU