Security News

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.

Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Hacker News. Tracked as CVE-2020-0551, dubbed "Load Value Injection in the Line Fill Buffers" or LVI-LFB for short, the new speculative-execution attack could let a less privileged attacker steal sensitive information-encryption keys or passwords-from the protected memory and subsequently, take significant control over a targeted system.

AMD processors sold between 2011 and 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper. In a paper [PDF] titled, "Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors," six boffins - Moritz Lipp, Vedad Hadžić, Michael Schwarz, and Daniel Gruss, Clémentine Maurice, and Arthur Perais - explain how they reverse-engineered AMD's L1D cache way predictor to expose sensitive data in memory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. AMD this weekend said it does not believe these are "New speculation-based attacks" and did not offer any mitigations: "We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way," said AMD in a Saturday advisory.

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. The Collide+Probe attack can also be launched remotely via a web browser without user interaction, which the experts have shown through an attack on ASLR. "We evaluated our new attack techniques in different scenarios. We established a high-speed covert channel and utilized it in a Spectre attack to leak secret data from the kernel," the researchers said.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that's tying down Intel's patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling affecting Intel's speculative execution technology introduced in the late 1990s to improve chip performance. ZombieLoad was originally made public by researchers last May as part of a triplet of hypothetical issues which included two others, Fallout and Rogue In-Flight Data Load, affecting post-2011 Intel processors.

Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability that allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel's Software Guard Extensions enclave, a trusted execution environment on Intel processors.