Security News

A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys. The bug affects recent Intel CPUs based on the company's Sunny Cove microarchitecture, the authors say.

The enterprise-grade Titan M security chip was custom built to help protect data. Derived from the same chip Google uses to protect its cloud data centers, it handles processes and information, such as passcode protection, encryption, and secure transactions in apps.

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. "Unlike its siblings, who trigger harmful branch target speculation by exploiting indirect jumps or calls, Retbleed exploits return instructions," explained Wikner and Razavi in a draft blog post about the design bug provided to The Register.

This is a new vulnerability against Apple's M1 chip. Researchers from MIT's Computer Science and Artificial Intelligence Laboratory have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature.

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success. MIT CSAIL computer scientists on Friday said they have identified a way to bypass the M1 chip's pointer authentication, a security mechanism that tries to prevent an attacker from modifying memory references without being detected.

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. UNISOC is a 21-year-old chip designer based in China that spent the first 17 years of life known as Spreadtrum Communications, and that by 2011 was supplying chips for more than half of the mobile phones in the country.

Critical flaw found inside the UNISOC smartphone chip. Check Point Research has identified what it is calling a critical security vulnerability in UNISOC's smartphone chip, which is responsible for cellular communication in 11% of the world's smartphones.

Trouble is brewing over moves by Taiwan to prevent China from gaining access to its chip technology, as the island nation proposes tougher laws to deter the leaking of trade secrets outside the country. China has reportedly hit back after Taiwanese Premier Su Tseng-chang called this week for a speedier introduction of legislation designed to protect the local semiconductor industry from what it sees as Chinese industrial espionage.

The Register broke the Meltdown story on January 2, 2018, as Intel and those who confidentially reported the security vulnerability were preparing to disclose them. To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that for some workloads make patched processors mildly to significantly slower.