Intel CPUs hit by SPOILER security vulnerability

Another dangerous speculative execution vulnerability has been discovered in Intel's processors. Called SPOILER, the newly discovered vulnerability is present in all Intel CPUs starting from the first-gen Core processors and could allow cybercriminals to steal data from memory. It does not appear to be present in ARM and AMD processors.

The bug reveals critical information about physical page mappings to user space processes, and can be abused independent of the OS. It works from within virtual machines and sandboxed environments, and is hard to fix.

This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

The researchers from Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, who discovered SPOILER, believe the issue can't be resolved via a microcode update without a massive performance impact. Computer scientist Ahmad Moghimi believes it may take Intel five years to roll out a path against this type of attack.

Full details at The Register.