Intel processors hit with another serious security flaw impacting millions of PCs

(Image credit: iMore)

What you need to know

  • Researchers at several institutions have discovered another serious security flaw in Intel processors.
  • The attack vector is similar to last year's Meltdown and Spectre flaws, and four variants have been proven to work so far.
  • Potentially millions of PCs and servers are affected, allowing hackers to gain access to sensitive data.
  • Apple patched the flaw in recent Mojave and Safari updates. Microsoft is rolling out a fix today, and Intel says it has one ready to roll out on its end as well.

Early in 2018, two major vulnerabilities, dubbed Spectre and Meltdown, were discovered by researchers in Intel and AMD processors. While mitigations have since been released from Intel, AMD, Microsoft, and other major hardware and software companies, the method of attack, which takes advantage of a process called speculative execution, has led researchers to discover a set of four more attacks that impact Intel processors dating back to 2008, Wired reports.

Intel has collectively dubbed the attacks "Microarchitectural Data Sampling" (MDS). And while the set of four attacks all operate in a similar manner to Meltdown and Spectre, these new MDS attacks (ZombieLoad, Fallout, and RIDL) appear to be easier to execute. From Wired:

In these new cases, researchers found that they could use speculative execution to trick Intel's processors into grabbing sensitive data that's moving from one component of a chip to another. Unlike Meltdown, which used speculative execution to grab sensitive data sitting in memory, MDS attacks focus on the buffers that sit between a chip's components, such as between a processor and its cache, the small portion of memory allotted to the processor to keep frequently accessed data close at hand.

Each variant of the attack can be used as a gateway into viewing raw data that passes through a processor's cache before it is tossed discarded through the speculative execution process. If executed quickly in succession, a hacker could gather enough random data to piece together everything from passwords to the keys used to decrypt hard drives.

"In essence, [MDS] puts a glass to the wall that separates security domains, allowing attackers to listen to the babbling of CPU components," VUSec, one of the firms that discovered the flaws, said in a paper set to be presented next week and seen by Wired.

A video of ZombieLoad, one of the four attacks, in action, showing how it can be used to log what websites you visit.

Those who discovered the attacks include researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and Cyberus, BitDefender, Qihoo360 and Oracle, Wired says.

In speaking with Wired, Intel says its own researchers discovered the flaw last year and it now has fixes available at the hardware and software level. The company also says some processors shipped in last month have fixed the vulnerability.

However, Intel and the researchers disagree on the severity of the flaw. While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought."

For its part, Microsoft shipped a fix for Windows PCs today. In a statement to Wired, a Microsoft spokesperson said, "We're aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers." Apple also tells Wired that it rolled out patches with recent Mojave and Safari updates.

While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants. That raises concerns that the attacks could be used on potentially millions of machines around the world to access sensitive data before they are patched, if at all.

Dan Thorp-Lancaster