Current location - Loan Platform Complete Network - Big data management - Intel chip exposed to "zombie load" vulnerability affects processors in many
Intel chip exposed to "zombie load" vulnerability affects processors in many

Wise Things (Public: zhidxcom) Editor | Wang Ying

Introduction: Intel has exposed another chip vulnerability that affects Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips, as well as all of its Atom and Knights processors. Atom and Knights processors.

Wisdom, May 15, Intel chips broke the news that there is a new class of vulnerabilities called ZombieLoad, which, if exploited, can be used to steal sensitive information directly from the processor.

Intel's Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips, as well as all Atom and Knights processors, are affected by ZombieLoad.

A "zombie load" is a lateral attack on Intel chips that allows hackers to effectively exploit design flaws rather than injecting malicious code to launch an attack. Intel said the zombie load consists of four vulnerabilities that researchers reported to the chipmaker a month ago.

Intel has now released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake, and Haswell chips.

A "zombie load," a volume of data that the processor cannot understand or process correctly, forces the processor to seek help from the processor's microcode to prevent crashes. Applications typically only see their own data, but this vulnerability allows data to flow through those boundary walls.

Researchers say that a "zombie load" would leak all the data currently loaded on the processor core. A patch for Intel's microcode would help clear the processor's buffers and prevent the data from being read.

In fact, the researchers showed in a proof-of-concept video that these vulnerabilities can be exploited to see which websites a person is visiting in real time, but they can also be easily exploited to obtain a logger's passwords or online accounts online.

Like Spectre and Meltdown, it's not just computers that are affected by "zombie loads," the cloud is vulnerable too. "Zombie loads can be triggered in virtual machines, which means isolating them from other virtual systems and their host devices.

Daniel Gruss, one of the researchers who discovered the latest round of chip flaws, said it works just like it does on PCs, reading data from the processor. This can be a major problem in cloud environments where virtual machines from different customers are running on the same server hardware.

They said that while there are no public reports of attacks, researchers can't rule it out or be sure that any attacks will leave traces.

This comes on the heels of Intel's early 2018 outbreaks of the serious vulnerabilities "Spectre" and "Meltdown," which exploited weaknesses in speculative execution, an important part of the workings of a modern processor that helps the processor predict to some extent what an application or operating system might need next or in the near future, so that the application can run faster and more efficiently. If needed, the processor will execute its predictions, and if not, the processor will discard them.

Both Spectre and Meltdown compromised sensitive data stored briefly in the processor, including secrets such as passwords, keys and account tokens, and private messages.

Now, Intel chips have been exposed to a new round of data breach vulnerabilities that have affected nearly every computer powered by Intel chips.

The focus of research on speculative execution and lateral attacks is still in its infancy. As more findings come to light, data theft attacks are likely to become easier to exploit and more efficient.

Other tech giants are also releasing patches as a first line of defense against possible attacks. Computer maker Apple, Microsoft, and browser maker Google have already released patches.

Intel said that, as with previous patches, the microcode update will have an impact on processor performance, and that most devices patched with the vulnerability could lose up to 3 percent of performance in a worst-case scenario, and up to 9 percent in a datacenter environment, but that it will not affect the average user in most cases.

Neither Intel nor Daniel Gruss and his team have released exploit code, so there is no immediate threat to the average user.

In the era of big data, people's information security is inextricably linked to the security of computer systems. In modern society, where technology is advanced and information circulates, and communication between people is getting closer and life is getting easier, big data is a product of this high-tech era.

But these convenient at the same time also accompanied by data security issues, computer system vulnerabilities are likely to pose a serious threat to our information security, the computer stores more and more information, and more and more important, the issue of data security has become critical.

Original article from: TechCrunch

Related articles
  • What is the difference between Seller Genie and Surge Software?
  • How to transliterate "Those Flowers" sung by Pu Shu?
  • How to count the number of clouds (Beijing) big data services Co.
  • Big data occupies land.
  • What is the difference between big data and cloud computing?
  • Big data bdax
  • Do you have to take the big data college to learn big data?
  • mem tuition list 2023
  • Three storage architectures in the era of big data
  • Aikawa Hui QR code turns blue

    • copyright 2024 Loan Platform Complete Network All rights reserved