Intel and AMD processors contain new security holes |
Researchers at the University of Virginia and the University of San Diego have discovered new vulnerabilities in Specter that could affect all modern Intel and AMD microprocessors.
The research team said that when the processor receives instructions from its microprocessor cache, hackers can steal the data.
Since all modern Intel processors (since 2011) and AMD (since 2017) use microprocessor memories, they are all vulnerable to virtual attacks.
The effects of the widespread Specter vulnerability, which affected many processors and devices, can still be felt in 2018.
According to the researchers, although the new version of the vulnerability is difficult to implement, its impact remains difficult to mitigate.
None of the current Specter metrics can withstand attacks in newer versions.
Before this information was released, researchers warned that Intel and AMD might have security flaws that could allow hackers to steal data on the device.
However, Intel and AMD have not released minor software updates or OS fixes and they may remain in this state because the nature of the potential attack and its mitigation measures are complex and require special attention.
Based on this information, the risk can be limited to direct attacks because it is very difficult to exploit vulnerabilities in caching microcomputers.
Basically, malware must bypass all other software and hardware security measures in modern systems before implementing any specific types of unconventional attacks.
For Intel and AMD, one of the biggest problems is that performance is affected by the mitigating measures the researchers identified.
The article's authors stated that this attenuation can lead to performance degradation and that the magnitude of this degradation is much greater than the size of previous attacks.
One way to mitigate is to clear the site-link level microcomputer cache. However, since modern processors need iTLB wipe in order to clear the microcomputer cache, frequent cleaning of these two processes is beneficial. This has a serious performance impact because the processor cannot do this. these. No progress will be made until iTLB is renewed.
The second method is to partition the cache of the microprocessor based on the permissions. However, as the number of protection zones increases, this division results in less use of the microprocessor cache, which removes many of its performance advantages.
It is not clear how these vulnerabilities in modern Intel and AMD processors can be easily exploited in the real world. Therefore, the risk can be limited to attacks by nation states.