What’s worse? The AMD chip flaws or the disclosure process?

A small cybersecurity company and research group is publicly reporting major, Meltdown-style vulnerabilities in chips made by AMD, yet the disclosure itself has sent security researchers into a frenzy about possible ulterior motives. CTS Labs, an Israeli cybersecurity company that purportedly focuses on hardware, launched a website and released a white paper on Tuesday describing 13 security flaws in AMD’s EPYC, Ryzen, Ryzen Pro and Ryzen processors. The chips are used in laptops, mobile devices and servers. The vulnerabilities reportedly include backdoors that would allow attackers to inject malicious code onto AMD’s chips. Such malware could allow attackers to take complete control of AMD processors, steal network credentials, install malware and read and write on protected memory areas, among other risks. CTS Labs released the vulnerability information on a public website, amdflaws.com, saying it released the findings for the sake of public awareness. “In particular, we urge the community to pay closer attention to […]

The post What’s worse? The AMD chip flaws or the disclosure process? appeared first on Cyberscoop.


Intel faces 32 class action suits stemming from Spectre and Meltdown

Intel is fighting 32 class action lawsuits related to major security vulnerabilities in its chips that were disclosed in January, the company said in an annual filing with the Securities and Exchange Commission on Friday. The filing says that as of Feb. 15, there are 30 class action lawsuits on behalf of customers and two on behalf of shareholders, all resulting from the nature of the disclosure of Meltdown and Spectre. About six months elapsed from the flaws’ discovery in June until their public disclosure. The company says the lawsuits are filed in U.S. federal and state courts and in some cases courts in other countries. Meltdown and Spectre are deep-rooted flaws in computer central processing units that can allow hackers to steal sensitive information undetected. The flaws are present in CPU chips dating back to the mid-1990s. The customer lawsuits “generally claim to have been harmed by Intel’s actions and/or […]

The post Intel faces 32 class action suits stemming from Spectre and Meltdown appeared first on Cyberscoop.


Microsoft rushes Windows patch disabling Intel’s Spectre fixes due to instability

Microsoft issued a new security update over the weekend to disable Intel’s buggy firmware fixes for Spectre, the two-decade-old chip flaw that allows attackers to steal private data from affected machines. The update, issued Saturday, is the second out-of-band security update Microsoft issued this month. It comes after Intel warned enterprise customers to skip their buggy patches because of instability, data loss, corruption and unwanted reboots. Intel has promised more stable patches in the near future and next-generation chips that fix the root of the Meltdown and Spectre vulnerabilities. Those patches will be released some time in 2018. Until those chips are created, there appears to be no complete fix possible for Spectre. Meltdown is numbered CVE-2017-5754. The two Spectre attacks are CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre variant 1 are fixed with software patches. Users are not so lucky with Spectre variant 2. “While Intel tests, updates […]

The post Microsoft rushes Windows patch disabling Intel’s Spectre fixes due to instability appeared first on Cyberscoop.


Congress wants answers on embargo of Spectre and Meltdown information

Lawmakers on the House Committee on Energy and Commerce have sent letters to various CEOs at top tech companies asking why information about massive computer chip vulnerabilities was held under embargo for months. The letters focus on the Spectre and Meltdown bugs, deep-rooted flaws in chips produced by leading computer hardware companies that could allow hackers to steal sensitive data from machines created as far back as 1995. Co-authored by panel Chairman Greg Walden, R-Ore., and members Marsha Blackburn, R-Tenn., Bob Latta, R-Ohio, and Gregg Harper, R-Miss., the letters request answers about why the bugs weren’t disclosed when the companies learned about them in June 2017. The committee has jurisdiction over technology issues. Information about the flaws was supposed to go public in late January, but security researchers tweeted proof-of-concept code before the companies were ready to make announcements. That tweet led to wider public scrutiny, forcing the companies involved to […]

The post Congress wants answers on embargo of Spectre and Meltdown information appeared first on Cyberscoop.


Industry braces for critical Intel security flaw impacting a decade’s worth of chips

A critical security flaw in Intel processors will require an overhaul of operating system kernels after research found that at least a decade’s worth of chips could be impacted by the vulnerability. The flaw, which affects most Intel processors built over the last 10 years, allows commonly used programs to read the contents or layout of a computer’s protected kernel memory areas. That area can contain passwords and other fundamentally sensitive files hidden from other software. In a worst case scenario, some JavaScript in a web browser could be used to seek out and find some of a machine’s most sensitive data. The forthcoming patches to Linux, Windows and MacOS will result in degraded performance to a number of machines. On various security and hardware message boards, users reported a performance reduction between five and 30 percent. That drop off would disproportionately hurt the vast majority of data centers and cloud infrastructure running […]

The post Industry braces for critical Intel security flaw impacting a decade’s worth of chips appeared first on Cyberscoop.
