New ‘Spoiler’ Intel Security Vulnerability Is Found
Mike Sanders / 3 months ago
Intel ‘Spoiler’ Vulnerability
Throughout most of 2018, Intel was having to deal with a rather disturbing security flaw with their processor design. In it’s simplest terms, two differing flaws were found called ‘Spectre’ and ‘Meltdown’.
While the jury was out as to how much of a risk these posed to your ‘average’ user, there was more than a little bit of an issue here. Particularly since the flaws were build so deep into the hardware. Thankfully, patches and updates have arrived via firmware updates to plug the gaps, but it seems in a report via DSOGaming, that a fresh vulnerability has just been discovered.
What Is It?
Researchers at the Worcester Polytechnic Institute and the University of Lübeck have discovered a new vulnerability called ‘Spoiler’. This is an issue which, basically, effects every Intel processor.
The team has released a statement in which they say:
“The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.
The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available. Physical address bits are security sensitive information. And if they are available to
user space, it elevates the user to perform other micro architecturalattacks.”
Can It Be Fixed?
The research team believes that this flaw is buried so deep within the design that a software update wouldn’t be able to correct it. They believe that the issue runs as deep as the architecture.
Intel doesn’t, however, believe to this to be the case:
“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us. And we appreciate the efforts of the security community for their ongoing research.”
What About AMD?
Well, unlike Meltdown and Spectre, the good news is that this specific vulnerability doesn’t seem to have any impact on AMD processors. As such, Team Red members, at least in this instance, can rest easy!
While we don’t think this necessarily poses any risk to Intel owners either, it’s certainly worth keeping an eye on.
What do you think? – Let us know in the comments!