Intel CPUs hit by SPOILER security vulnerability

Posted on Tuesday, March 05 2019 @ 16:43 CET by Thomas De Maesschalck
INTC logo
Another dangerous speculative execution vulnerability has been discovered in Intel's processors. Called SPOILER, the newly discovered vulnerability is present in all Intel CPUs starting from the first-gen Core processors and could allow cybercriminals to steal data from memory. It does not appear to be present in ARM and AMD processors.

The bug reveals critical information about physical page mappings to user space processes, and can be abused independent of the OS. It works from within virtual machines and sandboxed environments, and is hard to fix.
This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.
The researchers from Worcester Polytechnic Institute in the US, and the University of L├╝beck in Germany, who discovered SPOILER, believe the issue can't be resolved via a microcode update without a massive performance impact. Computer scientist Ahmad Moghimi believes it may take Intel five years to roll out a path against this type of attack.

Full details at The Register.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments