Intel Admits To Flaws In Its Processor Which Could Help Hackers

Popular American chipset manufacturer, Intel, last week confirmed the existence of a set of processor flaw that can allow hackers to steal information from a personal computer or even from cloud-based storage spaces of third-party apps.

A look at the vulnerability:

It was earlier reported that researches at the tech giant had found this vulnerability way back in January. After much-needed testing, the company has officially disclosed that there are three different types of these vulnerabilities.

The company announced this via a blog post. The blog post also mentioned that updates that were released earlier this year and new updates that have now been released will help users from protecting themselves against any issues. The statement read “We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices”.

Three different vulnerabilities – L1TF:

The company has confirmed that these are of three types and have termed the flaws as L1TF, which is short for L1 Terminal Fault. These vulnerabilities have the potential to impact the operating system, virtualization software as well as other microprocessors that may be a part of the desktop.

All three vulnerabilities are execution side problems. The first one affects Intel’s software guard extensions,

while the second one can affect operating systems as well as the system management mode. The third one, which is slightly more critical, affects the hypervisor software that is used to set up Virtual Machines.

Intel has confirmed that the first two vulnerabilities can be fixed with the help of the updates that have been released. On the other hand, the third vulnerability affects only certain types of users such as data centres and for these users, additional security measures must be taken to prevent any issues.

All three vulnerabilities have the same modus operandi, but target different segments to attack. They try to target access to the L1 data cache, which is a small memory built-in a processor. The L1 data cache stores temporary information such as what the processor is about to do next and is integral to the functioning of the processor.

Those that would be running non-virtualized machines, like independent systems will not face many problems on account of this issue, as the updates will take care of them. Even for those running a Virtual Machine, like for business and enterprise users, the level of threat assigned by the tech major is “low”.

RDP Thinbook with 11.6-inch Display, Intel Quad Core x5-Z8350 Processor Launched for Just Rs.10,999

According to the company the researchers had brought the flaws to their attention and the potential harm that it can cause earlier this year. The researchers have termed the attack as “Foreshadow”. Since the L1TF issue affects Intel’s SGX (Software Guard Extensions) feature and according to the researchers, the Meltdown and Spectre discoveries directly led to checking the SGX. Daniel Genkin, who is a system security researcher and a part of the team employed by Intel, said “When you look at what Spectre and Meltdown did not break, SGX was one of the few things left. SGX was mostly spared by Spectre, so it was the logical next step.”

Intel’s Bounty Program:

Intel has also expanded its bounty program for Meltdown and Spectre, as more researchers can now find it attractive to work on these vulnerabilities. The company has also provided a full list of devices/products that are affected by this new vulnerability so that users can identify them and follow the necessary procedures to mitigate any risks that may arise out of them.

Intel Launches New Line of MiniComputers Powered by Coffee Lake Processor

The post Intel Admits To Flaws In Its Processor Which Could Help Hackers appeared first on MySmartPrice.

from MySmartPrice https://ift.tt/2BMM34C