![]() “Intel believes these exploits do not have the potential to corrupt, modify or delete data.” “Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed,” Intel said. The company released a statement to the media, then followed up with a conference call. Intel said it was commenting in advance because of what it called “current inaccurate media reports,” though nothing in its statement denied those reports. The companies had planned to make the disclosure next week when the patches became available. The discovery led to hardware makers around the world responding to the vulnerability in a “responsible manner,” Smith said. “The processor is in fact operating as we designed it,” Smith told investors during the conference call. He also denied reports that the vulnerability was a flaw, or that it was specific to Intel. Steve Smith, one of the engineering leads at Intel who reported the company’s findings, added that no attacks using the vulnerability has been discovered in the wild. In each case, operating-system updates mitigated the problem. In fact, Intel and the researchers identified three variants, known as a “bounds check bypass,” “branch target injection,” and a “rogue data load,” all of which used slightly different methods of attack. That can give an attacker access to data it normally wouldn’t, though Intel has said that the data won’t be deleted or modified. What is a side-channel analysis exploit?Īccording to Intel, the exploit is a way for an attacker to observe the content of privileged memory, exploiting a CPU technique called speculative execution to circumvent expected privilege levels. ![]() Google, too, issued its own report on which of its products could be affected: These include Chrome and Android phones, though the latter will depend on how quickly phone makers roll out updates. At press time, Microsoft declined to comment on how it would proceed, though it is expected to release its own patches soon. Intel said that it would issue its own microcode updates to address the issue, and over time some of these fixes will be rolled into hardware. Two names, Spectre and Meltdown, are also being used to identify the vulnerabilities. The flaw was first discovered by Google’s Project Zero security team, says Intel, which Google confirmed. Intel, whose processors were the focus of an initial report from The Register, said that both ARM and AMD, as well as several operating system vendors, have been notified of the vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |