More Challenges for Intel Hardware Product Security
More Challenges for Intel Hardware Product Security


351665157-f47352b2767e211fae3962d026e0278d6e96f4ff54c462a9f8e17ea8eb0b3baf.jpeg

New CPU Vulnerabilities Discovered

RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers responsibly informed Intel, and kept the information confidential at Intel’s request, to give the CPU maker time to prepare patches. Reports indicate that Intel is still working on fixes, but may have another patch(s) ready very soon to protect their products.

Hacking hardware, like the Central Processing Unit (CPU) is especially problematic for security as such vulnerabilities reside below the operating system and typically outside the view of cybersecurity products. It can take much longer than software flaws to develop, test, and deploy.  Additionally, patching hardware with new microcode is especially difficult as it can have serious repercussions to the system.  In the past, customers complained about unacceptable performance impacts with previous security fixes, and researchers complained that some of the mitigations were insufficient, resulting in customers remaining vulnerable.

 

Wired magazine did a great write-up: https://www.wired.com/story/intel-zombieload-third-patch-speculative-execution/


Matthew Rosenquist
Matthew Rosenquist

Cybersecurity Strategist specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security for our digital world.


Cybersecurity Tomorrow
Cybersecurity Tomorrow

Cybersecurity strategy perspectives for the emerging risks and opportunities of securing our digital world. The insights of today will lead to tomorrow's security, privacy, and safety foundations.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.