Serious design flaw 'affects all Intel chips from the last decade'

But an OS-level fix could drastically affect device performance - report

A serious design flaw reportedly present in all Intel's CPUs made in the last 10 years could leave devices vulnerable to hackers, requiring an operating system (OS) update in order to fix it.

The flaw allegedly affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux, and macOS, but is currently under embargo, meaning the full details of the bug are yet to be officially announced. 

Advertisement - Article continues below

The bug allows normal user programs, such as database applications and JavaScript in web browsers, to distinguish some of the layout or contents of protected kernel memory areas of the chips, according to The Register, which uncovered the vulnerability.

However, the major problem for users is that a patch to the flaw will actually cause significant declines in performance for the affected machines, the publication said. These slow-downs could impact performance by as much as 30%, depending on the task and the processor model, but they're reportedly still being benchmarked.

The full details of the bug are expected to be revealed later this month. Microsoft is also expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday this month, after seeding them to beta testers running fast-ring Windows Insider builds in November and December.

Advertisement
Advertisement - Article continues below

A software developer who runs a popular Tumblr called Python Sweetness, has blogged about the potential trouble this flaw could cause once it's made official. They warned that "from everything I've seen, including the vendors involved, many fireworks and much drama is likely" when the embargo lifts. 

Advertisement - Article continues below

"In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualisation environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer," they explained.

"I would not be surprised if we start 2018 with the release of the mother of all hypervisor privilege escalation bugs, or something similarly systematic as to drive so much urgency, and the presence of so many interesting names on the patch set's CC list."

An Intel spokesperson said that "many different vendors and operating systems" are vulnerable to the bug.

They added: "Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. 

"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied."

Picture: Bigstock

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020