The flaw is similar to Spectre and affects Intel CPUs all the way back to the first generation of Core CPUs.
Highlights
- Security researchers have discovered a new vulnerability in Intel Chips.
- The vulnerability is called Spoiler.
- Intel was made aware of Spoiler in December.
Security researchers at Worcester Polytechnic Institute and the University of Lübeck have published a paper outlining a vulnerability on Intel processors. The vulnerability only affects Intel chips and not AMD or ARM chips. The vulnerability affects Intel chips all the way back to the first generation of Core CPUs. According to the researchers, the potential attack vector is similar to Spectre, but not subject to the same mitigations. Just to be clear, Spectre and Spoiler are 2 different attacks.
The vulnerability affects “Speculative execution”. According to Wikipedia, Speculative execution “is an optimization technique where a computer system performs some task that may not be needed. Work is done before it is known whether it is actually needed, so as to prevent a delay that would have to be incurred by doing the work after it is known that it is needed. If it turns out the work was not needed after all, most changes made by the work are reverted and the results are ignored. The objective is to provide more concurrency if extra resources are available. This approach is employed in a variety of areas, including branch prediction in pipelined processors, value prediction for exploiting value locality, prefetching memory and files, and optimistic concurrency control in database systems.”
The researchers say that how a PC’s memory works could be exploited by Spoiler. This could expose data from running programs. According the the researchers the only way to completely protect a system from Spoiler is by redesigning the silicon. This could be at the expense of overall performance. The researchers said, "There is no software mitigation that can completely erase this problem."
Intel was made aware of Spoiler in December. Intel told PC gamer, "Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."
Read More:
Intel makes Thunderbolt 3 royalty-free, will be the foundation for upcoming USB4 standard
Acer deemed as 2018's top PC gaming laptop brand in terms of units shipments by IDC
AMD Radeon VII graphics card launched at Rs 54,990
Follow Us
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile
