Security News

Researchers have disclosed the details of a new speculative execution attack affecting many Intel processors, and they say this is the first vulnerability of this kind that allows hackers to obtain sensitive information across the cores of a CPU. The vulnerability was discovered by a team of researchers from Vrije Universiteit Amsterdam in the Netherlands and ETH Zurich in Switzerland. They initially reported their findings to Intel in September 2018 and nearly one year later they informed the tech giant about the possibility of cross-core leaks.

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU's trusted execution environments. The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave's private keys.

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."

Linus Torvalds has removed a patch in the next release of the Linux kernel intended to provide additional opt-in mitigation of attacks against the L1 data CPU cache. The patch from AWS engineer Balbir Singh was to provide "An opt-in mechanism to flush the L1D cache on context switch. The goal is to allow tasks that are paranoid due to the recent snoop-assisted data sampling vulnerabilities, to flush their L1D on being switched out. This protects their data from being snooped or leaked via side channels after the task has context switched out."

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. It also works seamlessly against non-Linux Operating Systems, like macOS. "Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency," Biswabandan Panda, assistant professor at IIT Kanpur, told The Hacker News.

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. It also works seamlessly against non-Linux Operating Systems, like macOS. "Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency," Biswabandan Panda, assistant professor at IIT Kanpur, told The Hacker News.

Cadence Design Systems announced that it has broadened its long-standing collaboration with Arm to advance the development of mobile devices based on the Arm Cortex -A78 and Cortex-X1 CPUs. To drive Cortex-A78 and Cortex-X1 adoption, Cadence has delivered a comprehensive, digital full flow Rapid Adoption Kit that helps customers optimize power, performance, and area and boost overall productivity.

Intel has posted a fresh crop of firmware updates for security flaws in its chipsets. An information-disclosure flaw in data forwarding for Intel processors prompted an advisory and firmware update, as did the already disclosed LVI design flaw.

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection, but the chip maker has told customers that the attack is not very practical in real world environments. A variation of the LVI attack, dubbed Load Value Injection in the Line Fill Buffers, was also reported to Intel by researchers at Bitdefender.

Cybersecurity researchers have found a vulnerability within Intel's data center CPUs that gives attackers the ability to inject rogue values in certain microarchitectural structures and steal information. Bogdan Botezatu, director of threat research and reporting at Bitdefender, said these attacks are "Particularly devastating in multi-tenant environments such as enterprise workstations or servers in the datacenter, where one less-privileged tenant would be able to leak sensitive information from a more privileged user or from a different virtualized environment on top of the hypervisor."