Intel processors are affected by Downfall, a security flaw that could allow malicious users to obtain sensitive and private user data from users’ computers, and the chipmaker is rolling out a fix to patch the vulnerability on affected systems. The flaw was discovered by a researcher in California and disclosed to Intel, allowing the company to fix the issue before details were posted online. Unlike the company’s latest chips, Intel’s older CPUs released in 2015 are currently vulnerable, and those models will receive a microcode update to fix a potential information leak.
The chip maker has distributed An article on Intel’s security website, which gave the vulnerability a “moderate” security rating, noted that the company will release firmware updates and software serials (the latter is optional) aimed at patching the security hole. Customers with PCs using Intel’s 6th Generation Skylake processors all the way through to 11th Generation Tiger Lake processors are affected by the security flaw. Alder Lake, Sapphire Rapids and Raptor Lake chips are not affected by the flaw.
Dubbing Daniel Moghimi, a security researcher at Google who discovered the flaw, said the flaw could push boundaries set by chipmakers for operating systems, virtual machines and Intel’s software protection extensions. Moghimi used the Gather instruction, which is used to more easily access data scattered across the device’s memory, to find bugs and develop a proof of concept, which it shared with the company so it could develop a fix.
researchers also explain The Downfall vulnerability can also bypass Intel’s previously released fixes for older flaws such as Meltdown and Microarchitectural Data Sampling (MDS). Intel is rolling out microcode updates to ensure that its older processors are protected from the vulnerability, which could allow attackers to steal arbitrary data from the Linux kernel, steal 128-bit and 256-bit AES keys from other users, and even spy on accessible Print characters. Moji Mi.
Moghimi said the Downfall exploit was “very practical” and it only took two weeks to develop an end-to-end attack to steal encryption keys for OpenSSL and open-source encryption libraries. Since the chips affected by the security flaw were released as early as 2014, users have been threatened by Downfall for at least 9 years.
“Security researchers working under controlled conditions in a research environment demonstrated a GDS issue that relies on software using Gather instructions. While carrying out such an attack outside of such controlled conditions would be complex, affected platforms can Mitigated via microcode update.Latest Intel processors, including Alder Lake, Raptor Lake, and Sapphire Rapids, are not affected.Many customers may decide to deliver via Windows and Linux operating systems and VMM after reviewing Intel’s risk assessment guidance The switches disable mitigations. In public cloud environments, customers should check with their provider about the availability of these switches,” an Intel spokesperson told Gadgets 360.
Svlook
