Security News > 2020 > March > AMD Downplays CPU Threat Opening Chips to Data Leak Attacks
AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019.
AMD this weekend said it does not believe these are "new speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.
In reverse engineering the L1D cache way predictor, researchers were able to detect when the data is accessed by various processes, and then use that knowledge to leak small pieces of data from the CPU. Researchers then created two subset attacks as part of "Take A Way" that took advantage of this process, which they dubbed "Collide+Probe" and "Load+Reload."
The "Take A Way" attack is similar to other side-channel attacks released in the past few years, starting with the disclosure of Spectre and Meltdown in 2018 and continuing with the discovery of a class of side-channel vulnerabilities called "ZombieLoad," which impacted all modern Intel chips and used speculative execution to potentially leak sensitive data from a system's CPU. On Twitter, Gruss said that the latest speculative execution attack is "certainly not" as severe as Meltdown or ZombieLoad. He told Threatpost that a plausible attack would come from an unprivileged local attacker.
In its advisory this weekend, AMD did not release new mitigations, instead pointing to other previously disclosed speculative execution attacks that leveraged L1D, and recommending that CPU users keep their operating systems up to date, follow secure coding methodologies and implement the latest patched versions of critical libraries.
News URL
https://threatpost.com/amd-downplays-cpu-threat-opening-chips-to-data-leak-attacks/153516/