Intel Has Only Just Fixed a Critical Flaw It Warned of Months Ago

Intel's management of the flaws leaves doubts as to the effectiveness of their current fixes.

| Nov 13, 2019 06:31 AM EST

Created: Nov 13, 2019 06:31 AM EST

Security researchers at Vrije Universiteit Amsterdam, who played a role in uncovering the Spectre and Meltdown attacks that targeted microprocessors last year, recently revealed a new vulnerability in Intel chips.

What's more, they claim Intel hasn't been completely transparent when it comes to patching these issues and say some of the flaws have gone unfixed for months.

Chips manufacturers and cybersecurity

While Intel has said there are no reports of real-world exploits linked to the flaw pointed out by the security researchers, the potential risk to users is still significant, Gizmodo reports. It serves as a new example of chip manufacturers struggling with cybersecurity.

According to the research, the vulnerability can allow for an attack that is a variant of Zombieload. This type of attack targets a class of vulnerabilities called Microarchitectural Data Sampling (MDS) by Intel.

It allows a malicious hacker to manipulate a microprocessor into leaking potentially sensitive information that is temporarily stored in its data buffer.

The bug was disclosed by a group of researchers, including those at Vrije Universiteit in Amsterdam, as well as ones from KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria.

An ineffective fix

As per The New York Times, the researchers say that, despite previously claiming the bug was fixed, Intel chose an ineffective way to address the chip vulnerabilities they had been made aware of.

Instead of fixing the main issue, which might require redesigning the processor, it patched each variant as it was discovered.

“There are tons of vulnerabilities still left, we are sure,” Mr. Bos said. “And they don’t intend to do proper security engineering until their reputation is at stake.”