New security vulnerabilities in Intel processors

May 16, 2019 //By Christoph Hammerschmidt
ZombieLoad and Store-to-Leak Forwarding found in Intel processors
Researchers at Graz University of Technology have revealed new vulnerabilities in Intel processors – namely ZombieLoad and Store-to-Leak Forwarding. The research team, which was also involved in the discovery of the serious security vulnerabilities Meltdown and Spectre last year claims that, once again updates and security solutions are necessary to solve the newly discovered security problems.

ZombieLoad and Store-to-Leak Forwarding are the new attack methods that the Graz University of Technology security researchers Daniel Gruss, Moritz Lipp and Michael Schwarz from the Institute for Applied Information Processing and Communication Technology at Graz University of Technology (Austria) and an international team have just published. The three computer scientists, together with Graz University of Technology Professor Stefan Mangard, were already involved in the discovery of the serious security gaps Meltdown and Spectre, found in Intel processors, last year.

ZombieLoad uses a similar mechanism as Meltdown: to work faster, computer systems prepare multiple steps in parallel and then discard those that are either not needed or do not have the necessary access rights. However, the access rights check only happens after the sensitive calculation steps based on assumptions of the computer system have already been worked through in advance. "In this short moment between code execution and check, we can with the new attack see the already loaded data from other programs," Gruss explains. In this way, researchers can read what is currently being done on the computer in plain text. ZombieLoad affects all processors developed by Intel between 2012 and early 2018.

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.