Security News
New research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. While information leakage attacks targeting the CPU microarchitecture have been previously demonstrated to break the isolation between user applications and the operating system, allowing a malicious program to access memory used by other programs, the new attack leverages contention on the ring interconnect.
Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks. The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.
A team of researchers from the University of Illinois at Urbana-Champaign has published a paper detailing a new side-channel attack method that can be launched against devices with Intel CPUs. Following the disclosure of the Meltdown and Spectre vulnerabilities back in January 2018, researchers have increasingly focused on finding CPU side-channel attack methods - and in many cases they have been successful.
Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. "It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register.
Microsoft has released a new set of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix bugs impacting multiple Intel CPU families. Microcode updates are released by Intel after discovering bugs in their CPUs to allow OS vendors to patch the CPU behavior to address or at least partially mitigate the issues.
Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches. The January 2021 Critical Patch Update addresses issues in both Oracle products and third-party components that are included in the company's products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.
Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors. These hardware-based detections are accomplished using Intel Threat Detection Technology and Hardware Shield that run directly on the CPU underneath the operating system and firmware layers.
Conceptually, the Pluton architecture is an extension of hardware security work that Microsoft started in 2013 with onboard anti-piracy protections for the Xbox One console, though in case that sounds dangerously consumerish the firm is also keen to say the same approach was ported across to Arm-based system-on-chip IoT thingy Azure Sphere too. Future CPU designs from AMD, Intel, and Qualcomm will incorporate Pluton technology, with all three chipmakers queuing up to dutifully say what a great idea this is: "We believe an on-die, hardware-based Root-of-Trust like the Microsoft Pluton is an important component in securing multiple use cases and the devices enabling them," stated Asaf Shen, Qualcomm's senior director of product management in a prepared remark.
Google is currently working on fixing a known issue causing a Google Chrome web browser version launched earlier today for Apple processors to suddenly crash. "Earlier today we updated our Chrome download page to include a new version of Chrome optimized for new macOS devices featuring an Apple processor," Chrome Support Manager Craig Tumblison said.