MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
intel
Search

New secret-spilling flaw affects almost every Intel chip since 2011; Apple to release patches today

Tuesday May 14, 2019. 09:33 PM , from Mac Daily News
“Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor,” Zack Whittaker reports for TechCrunch. “The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work… Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages.”
“‘ZombieLoad,’ as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code,” Whittaker reports. “Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago. Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.”
“The researchers showed in a proof-of-concept video that the flaws could be exploited to see which websites a person is visiting in real-time, but could be easily repurposed to grab passwords or access tokens used to log into a victim’s online accounts,” Whittaker reports. “Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors. Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.”
Read more in the full article here.
MacDailyNews Take: Yet another reason for Apple to dump Intel’s defective chips and move Macs to vastly more efficient and secure Apple-designed solutions.
When flawed, insecure, and therefore defective products are sold to consumers, recalls and/or recompense are the proper responses. — MacDailyNews, January 4, 2018

CERT: The only way to fix the Meltdown and Spectre vulnerabilities is to replace the CPU. Intel et al. are going to try to sell us on a software bandaid instead of really fixing the problem properly. Watch and see. https://t.co/OeC2AoPdlK #Intel #AMD #ARM
— MacDailyNews (@MacDailyNews) January 4, 2018

SEE ALSO:
Macs may need ARM processors to survive – April 17, 2019
Researchers reveal new ‘Spoiler’ vulnerability in all Intel Core processors – March 6, 2019
Intel discloses new ‘Variant 3a’ and ‘Variant 4’ Spectre-like chip flaw vulnerabilities – May 22, 2018
Intel’s Spectre patch is causing reboot problems – January 12, 2018
In wake of Spectre and Meltdown, Intel CEO offers open letter, looks to restore confidence in Intel CPU security – January 11, 2018
Apple releases iOS and macOS updates with a mitigation for Spectre CPU flaw – January 8, 2018
Meltdown and Spectre: What Apple users need to know – January 8, 2018
How Apple product users can protect themselves against Spectre and Meltdown CPU flaws – January 5, 2018
Intel’s CEO Brian Krzanich sold off the majority of his shares after finding out about the irreparable chip flaws – January 4, 2018
Apple: All Mac systems and iOS devices are affected by Meltdown and Spectre security flaws – January 4, 2018
CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU – January 4, 2018
Security flaws put nearly every modern computing device containing chips from Intel, AMD and ARM at risk – January 4, 2018
Apple has already partially implemented fix in macOS for ‘KPTI’ Intel CPU security flaw – January 3, 2018
Intel’s massive chip flaw could hit Mac where it hurts – January 3, 2018
https://macdailynews.com/2019/05/14/new-secret-spilling-flaw-affects-almost-every-intel-chip-since-2...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2019 Zicos / 440Network
Current Date
May, Tue 21 - 15:21 CEST