After Meltdown and Spectre, meet a new set of Intel chip flaws

Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were on to something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, would unearth private browsing history and leak information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack would leak information from different security buffers inside the Intel … Continue reading After Meltdown and Spectre, meet a new set of Intel chip flaws