#INTEL OUT SPECTRE MELTDOWN CHIP FLAW PATCH#
Intel says the patch will have "relatively minimal" performance costs in most cases, though for a few data center instances it could slow its chips down by as much as 8 or 9 percent.
#INTEL OUT SPECTRE MELTDOWN CHIP FLAW SOFTWARE#
A software patch for the attack clears all data from buffers whenever the processor crosses a security boundary, so that it can't be stolen and leaked. In a call with WIRED, Intel says its own researchers were the first to discover the MDS vulnerabilities last year, and that it has now released fixes for the flaw in both hardware and software. Like Meltdown and Spectre, the new MDS attack takes advantage of security flaws in how Intel chips perform speculative execution, a feature in which a processor guesses ahead of time at what operations and data it will be asked to execute, in order to speed up the chip's performance. You can test if your system is affected with a tool the researchers published here. Otherwise, all of Intel's chips that the researchers tested, going back as early as 2008, were affected. AMD and ARM chips don't appear to be vulnerable to the attacks, and Intel says that some models of chip it's released in the past month include a fix for the problem. But at the same time, the company has sought to downplay the severity of the bugs, according to the researchers, who warn that the attacks represent a serious flaw in Intel's hardware that may require disabling some of its features, even beyond the company's patch. Intel had asked all the researchers-who split into two groups working independently-to keep their findings secret, some for more than a year, until it could release fixes for the vulnerabilities. It's four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.
Today Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel's chips. This time, it can allow attackers to eavesdrop on virtually every bit of raw data that a victim's processor touches. Now, some of those same researchers have uncovered yet another flaw in the deepest guts of Intel's microscopic hardware. But even as chipmakers scrambled to fix those flaws, researchers warned that they weren't the end of the story, but the beginning-that they represented a new class of security vulnerability that would no doubt surface again and again. More than a year has passed since security researchers revealed Meltdown and Spectre, a pair of flaws in the deep-seated, arcane features of millions of chip sold by Intel and AMD, putting practically every computer in the world at risk.
0 kommentar(er)
