Researchers discover new security vulnerabilities in Intel processors: Page 2 of 2

May 15, 2019 //By Christoph Hammerschmidt
Researchers discover new security vulnerabilities in Intel processors
Researchers at Graz University of Technology revealed new vulnerabilities in Intel processors. The research team, which was also involved in the discovery of the serious security vulnerabilities Meltdown and Spectre last year, now draws attention to the fact that again updates and security solutions are necessary to solve the newly discovered security problems.

For Meltdown there was a simple solution with the "KAISER" patch available, developed by the TU Graz team, which however affected the speed of the computer to some extend. For ZombieLoad attacks a solution could be more difficult, as Gruss explains: "Each CPU has several cores and each core is split again. This allows several programs to run simultaneously. According to our analysis, one of these two areas must be deleted." This would mean performance losses of 50 percent. Or in a cloud that is also threatened by the attack method, 50 percent fewer potential users on the same hardware. All processors developed by Intel between 2012 and early 2018 will be affected.

Store-to-leak forwarding also exploits the optimized working methods of computer processors and reads preloaded data. "The computer assumes that I want to reuse the data that I have just written into the processor. So it keeps them in the buffer in order to be able to access them more quickly," explains Gruss. This way of working can be used again to explore the architecture of the computer processor and find the exact location where the operating system is running. "If I know exactly where the operating system is running by the processor, I can launch targeted attacks on operating system vulnerabilities."

The researchers reported the discoveries to the manufacturer Intel, which is now working on a solution. "All computer users should urgently install all new updates so that their computer systems are safe again," Gruss recommends.

Further information on ZombieLoad: https://zombieload.com/zombieload.pdf

Further information on Store-to-Leak Forwarding: https://cpu.fail/store-to-leak.pdf   

 

Related articles:

Intel produces white paper, benchmark on Meltdown, Spectre

Siemens expands its cybersecurity charter activities to suppliers

 


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.