Latest in Gear

Image credit: ullstein bild Dtl. via Getty Images

Install updates now to address a vulnerability in most Intel CPUs

Four new exploits work against most of Intel's chips made since 2011.
761 Shares
Share
Tweet
Share
Save

Sponsored Links

ullstein bild Dtl. via Getty Images

In January 2018, a pair of security exploits dubbed Spectre and Meltdown showed how attackers could take advantage of commonly-implemented CPU technology to access data they shouldn't have been able to. They were followed by a similar bug, Foreshadow, late last year, and now researchers have uncovered four different techniques that exploit Intel's speculative execution technology in a similar way.

The website CPU.fail has collected information about each vulnerability -- they're collectively referred to as Microarchitectural Data Sampling (MDS) -- including Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding. Example code shows how the attacks could be launched using malicious JavaScript, for example, and researchers state that it would be difficult for antivirus software to detect it, however they have not found evidence of anyone using the tech in attacks so far.

If you have a computer using an Intel CPU released since 2011 then congratulations -- you've likely won a vulnerability, since only "select" 8th and 9th gen Core CPUs as well as 2nd generation Xeon Scalable CPUs have hardware protection against the attacks.

Patching the holes will require a combination of firmware updates and software updates. macOS, Windows, ChromeOS and Linux already have software updates to address MDS attacks, while Intel has also released microcode updates for some of its hardware (PDF) that you should get through motherboard and system vendors. Just like Spectre and Meltdown, the fixes are expected to impact performance -- you can get more information on how much right here.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
761 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
B&H sale cuts up to $350 off Apple's 2019 iMacs

B&H sale cuts up to $350 off Apple's 2019 iMacs

View
NVIDIA's latest GPU drivers pack a speed boost for 'Apex Legends'

NVIDIA's latest GPU drivers pack a speed boost for 'Apex Legends'

View
The latest 'Fortnite' weapon lets you drop heavy stuff on opponents’ heads

The latest 'Fortnite' weapon lets you drop heavy stuff on opponents’ heads

View
ThinkPad X1 Carbon review (2019): Sometimes it’s good to be boring

ThinkPad X1 Carbon review (2019): Sometimes it’s good to be boring

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr