Intel Has Only Just Fixed a Critical Flaw It Warned of Months Ago
%2Favatars%2F6UKotck4r9pz.jpg&w=96&q=75)
%2Fimg%2Fiea%2FXy6xYr5bwr%2Fintel-security-flaw.jpg&w=3840&q=75)
Security researchers at Vrije Universiteit Amsterdam, who played a role in uncovering the Spectre and Meltdown attacks that targeted microprocessors last year, recently revealed a new vulnerability in Intel chips.
What's more, they claim Intel hasn't been completely transparent when it comes to patching these issues and say some of the flaws have gone unfixed for months.
RELATED: INTEL DEVELOPING AN AI CHIP THAT ACTS LIKE THE HUMAN BRAIN
Chips manufacturers and cybersecurity
While Intel has said there are no reports of real-world exploits linked to the flaw pointed out by the security researchers, the potential risk to users is still significant, Gizmodo reports. It serves as a new example of chip manufacturers struggling with cybersecurity.
According to the research, the vulnerability can allow for an attack that is a variant of Zombieload. This type of attack targets a class of vulnerabilities called Microarchitectural Data Sampling (MDS) by Intel.
It allows a malicious hacker to manipulate a microprocessor into leaking potentially sensitive information that is temporarily stored in its data buffer.
The bug was disclosed by a group of researchers, including those at Vrije Universiteit in Amsterdam, as well as ones from KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria.
An ineffective fix
As per The New York Times, the researchers say that, despite previously claiming the bug was fixed, Intel chose an ineffective way to address the chip vulnerabilities they had been made aware of.
Instead of fixing the main issue, which might require redesigning the processor, it patched each variant as it was discovered.
“There are tons of vulnerabilities still left, we are sure,” Mr. Bos said. “And they don’t intend to do proper security engineering until their reputation is at stake.”
Intel, of course, begs to differ. The company claims it has “substantively” reduced the potential for attacks. “We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel,” the company told Gizmodo.
SHOW COMMENT (1)
/2023/07/31/image/jpeg/eNK3RS3ljKf5vLSQsStQ1gGHBKjS5wH9w8iL5QjE.jpg "Printed solar panels could generate power from existing infrastructure")
/2023/08/25/image/png/5hf1N5LFzyDY4pUpvoJ0BtpujwCPfsL68t1cAIVj.png "Why is anti-piracy software Denuvo stirring controversy?")
/2023/09/24/image/jpeg/KzrjnGeg73nBp79gp6uG4mGSP6z49OiIU7hLlAlx.jpg "Should police have marijuana tests?")
/2023/09/24/image/jpeg/PWfAmrTeb8jwX03RRo3NrEcuXFyAU3KacYehmzog.jpg "Scientists identify 11 genes linked to aggressive prostate cancer")
/2023/09/24/image/jpeg/gvYPBp0r50sdqaAL2AImkVsov452gw27Fppg2J03.jpg "Solar power and storage prices have dropped almost 90%")
/2023/07/17/image/jpeg/45219tvYuQJId0ojEgO8xNJ447jHljZ4msSiFffI.jpg "Manganese ocean ‘potatos’ are highly radioactive")
/2023/08/15/image/jpeg/3ADnsR8aU7X67YVp1xAQ4daq6u8JVlTTLmG0Rx6c.jpg "What is pre-war steel, and why are people stealing it?")
/2023/09/11/image/jpeg/mw8NLvKzCuvSD401qb27onireFyOORpjyaAdeGr5.jpg "Can you improve on the ISS? Nanoracks hopes Starlab will fit the bill")
/2023/09/24/image/jpeg/5IhPSoZ9DXr5WlYWb05D0FnwrAohcrwKERnSeTLb.jpg "(Anti)aromaticity reveals key to Azulene's blue light magic")
/2023/09/24/image/jpeg/x57mUK71xvVh8KL4ue7UR55ye3v9XU15Pf47IZk0.jpg "Microsoft to cover legal costs for AI-generated content")