Published: Sat, May 18, 2019
IT | By Lester Massey

New Intel security flaws could slow some chips by nearly 20%

New Intel security flaws could slow some chips by nearly 20%

In the case of these new bugs, updating everything is the best thing you can do right now.

Last year, security researchers uncovered flaws in Intel chips known as Spectre and Meltdown, which could, in theory, allow hackers to steal data such as passwords from affected systems. The vulns affect Intel Core chips from 2008 onwards, with only some eighth and ninth-generation chips immune to the exploits.

The colorfully named ZombieLoad attack, for example, would unearth private browsing history and leak information from a computer's application, operating system and virtual machines in the cloud. Researchers say it's hard or impossible to tell because, unlike most other kinds of hacking, exploitation of these flaws may not leave any traces. In brief, the Zombieload Attack allows the stealing of sensitive data and keys while your computer accesses them. The name ZombieLoad comes from the term "zombie load" which refers to an amount of data that the processor can't understand. The chipmaker said Tuesday, May 14, 2019, that there's no evidence of bad actors exploiting the bug, which is embedded in the architecture of computer hardware.

The discovery of new CPU flaw isn't surprising, given that researchers have continued to pummel modern processors looking for more vulnerabilities (see: Expect More Cybersecurity "Meltdowns").

But Apple has warned that applying the software fix to its Mac computers can reduce performance by up to 40 per cent, while Intel has demonstrated a computer running at 81 per cent of its previous speed when running programs written in the Java computer language.

"MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms", Intel says in a technical deep dive. Other affected products can be mended via microcode and operating system hypervisor updates that will be made available starting Tuesday.

According to the research paper, disabling hyperthreading might be the only way to completely prevent being at risk of a Zombieload attack. "We hear anything that these components exchange".

Intel expects that consumer devices could see a 3 percent performance decline, while data centers could see as much as a 9 percent impact.

Although there is no indication one way or the other as to whether this has ever been exploited in the wild, the smart move is to update quickly and often in order to protect yourself as best you can.

Like this: