Another Intel Flaw Exposed This Time By Adelaide University
Hours after arch rival AMD announced the all new the Ryzen Threadripper processor, which is to stir up the PC market Intel has been forced to admit to another processor flaw after a discovery by Adelaide University.
The vulnerability lets hackers extract confidential data from the memory wrapped around the US Companies SGX technology, which was introduced in 2015 explicitly to create a more secure enclave around chip memory. Companies that use this technology have been told that they could be exposed and that they need to immediately apply security patches.
Researchers discovered the vulnerability which is now known as L1TF and nicknamed Foreshadow several months ago.
It was independently discovered by two teams, one from the University of Adelaide, KU Leuven university in Belgium and another that included experts from the University of Michigan.
The US government’s Computer Emergency Readiness group warned on Tuesday that an attacker could exploit the flaw to obtain sensitive information.
Using Foreshadow, a cybercriminal could access anything in a chip’s memory, including sensitive data, passwords and keys to access the long-term memory.
An attacker would be able to copy the sensitive data in a secure enclave and then access it, the group said.
Flaws in hardware are much more difficult to fix than software and it is hard to use security software to protect against them being exploited. However, Foreshadow is hard to exploit compared to most hacks, researchers said.
Intel said it is not aware of any reports that malicious hackers have used the flaw.
Serious vulnerabilities nicknamed Meltdown and Spectre were identified in Intel chips at the start of 2018 and sent companies rushing to update their systems.
Like Meltdown and Spectre, Foreshadow exploits a feature designed to speed up chips, known as speculative execution.
The revelation of the new flaw comes after Intel was criticised for how it handled the reporting of Meltdown and Spectre, which became public before the developers of computer operating systems were finished producing fixes.
The flaw is potentially most significant for cloud service providers since, in a worst-case scenario, hackers could use it to hop between different customers’ cloud servers.
Amazon Web Services, the largest cloud company, said it had already deployed additional protections and that customers of its servers-on-demand service do not need to take any action.
Yesterday Advanced Micro Devices, Inc. AMD announced availability of the much-awaited second generation AMD Ryzen Threadripper 2990WX desktop processor.
The company also announced the availability of AMD Ryzen Threadripper 2950X processor featuring 32 threads and 16 cores from Aug 31, 2018. Meanwhile, AMD Ryzen Threadripper 2920X and 2970WX models are scheduled to be made available in October 2018.
The new Ryzen Threadripper processor is developed on 12nm Zen+ architecture. The chip is touted to be the highest-end chip featuring a whopping 32 cores and 64 threads, per PC Gamer. Higher core count of Threadripper 2990WX is expected to boost the competitive position of AMD against Intel INTC in the high-end desktop market (“HEDT”) considerably.