Sign In

Communications of the ACM

ACM TechNews

Intel Patching the Patch for the Patch for 'Zombieload' Flaw


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Intel has yet to solve all of its speculative executions problems.

Intel plans to issue a third patch for the same vulnerability of its processors.

Credit: Getty Images

Intel said it will release yet another patch for a microarchitectural data sampling (MDS) vulnerability that allows hackers to fool microprocessors into exposing protected data.

The newest patch is intended to address MDS-based chip exploits that have persisted, despite two previous patches released last year.

Researchers and analysts disclosed the initial attack last May, following a warning to Intel nearly a year earlier.

Intel's first patch added a safeguard to the processors' microcode to delete sensitive data from the chip when it shifts between processes with different security privileges—but two other MDS attack variants remained viable.

Researchers said the persistence of MDS attacks suggests little effort on Intel's part to proactively identify new flaws or variations of existing vulnerabilities.

From Wired
View Full Article - May Require Paid Subscription

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found