From PC Mag: Intel is facing a new set of hardware-based vulnerabilities in the company's chips that can leak confidential data processed inside the CPU.
On Tuesday, security researchers disclosed the flaws, which affect Intel chips made as far back as 2011. By exploiting them, a piece of malware could extract data, such as passwords, application content, or encryption keys, from PCs and cloud-based servers built with the Intel processors.
Typically, a software program should only be able to view its own data over a machine. However, the vulnerabilities disclosed today can effectively erode these security boundaries by tampering with the Intel chip to leak other program data held by the CPUs-internal buffers, which act as temporary storage.
The so-called "microarchitectural data sampling" vulnerabilities are similar to last year's Meltdown and Spectre flaws, which deal with the very architecture inside Intel's silicon. At the heart of the problem is how Intel chips try to predict and pre-fetch the computing instructions as a system runs.
On the plus side, the approach will help speed up your machine's performance. However, security researchers realized you could also trick an Intel chip into pre-fetching sensitive data from a machine and leaking it out. Although Intel has been rolling out patches to mitigate the Meltdown and Spectre flaws, researchers continue to uncover new variants of the vulnerabilities because so many modern chips rely on data pre-fetching to improve the silicon's performance.
View: Article @ Source Site
