Last week, Intel and independent security researchers announced that Intel chips have another flaw that could potentially let hackers pull sensitive information from microprocessors. The researchers say that the flaw is vulnerable to four new attacks, each of which can capture information like encryption keys and passwords — the quintessential building blocks of security for nearly all computing devices. Wired, who also reported research on the issue, said the flaw affects millions of PCs.
The flaw is in the same family as the 2018 Meltdown and Spectre flaws and contains various similarities. The new vulnerabilities are built into Intel hardware and go by various names. ZombieLoad, Fallout, or RIDL are just some to name a few; the more technical name is Microarchitectural Data Sampling (MDS).
How you should respond to MDS is probably exactly what you expect: update your operating system when it asks you to and also make sure your browser is up to date — either can be a vector for these new attacks. Only devices running on Intel chips are affected (though it’s all of them between 2011 the release of fairly recent chips), so iOS devices and the vast majority of Android devices are safe. And it should also be said that there’s been no reported exploits taking advantage of these vulnerabilities in the wild.
Intel said in a statement that the best way to protect yourself from attacks targeting this flaw is to keep your system software updated. The flaw has been fixed on Intel Core processors from the 8th and 9th generation, as well as the Intel Xeon Scalable processor family’s 2nd generation. Other chips can be fixed with updates to software called microcode, which solve the problem without having to rewrite the hard coded features of a microprocessor.
Here are the MDS information pages from a bunch of big software vendors, all of whom have already provided patches or will do so in the very near future:
- Red Hat
The announcement indicates that this type of flaw, which was novel when reports of Meltdown and Spectre were first announced, is an area of intense research, and experts might continue to find serious chip flaws down the road. Intel and other chip makers face the challenge of addressing flaws that allow these kinds of attacks without sacrificing the performance of their microprocessors.
The company also released data on how its fixes to the flaw are affecting different processors’ performance.