By Darren Allan
A new security vulnerability has been found in Intel’s family of Core processors, along similar lines of the major Spectre bug that has been making headlines all year. Thankfully, this one appears to be less severe – and is already patched in modern versions of Windows and Linux.
The freshly-discovered hole is known as the ‘Lazy FP state restore’ bug, and like Spectre, it is a speculative execution side channel attack. Just a few weeks back, we were told to expect further spins on speculative execution attack vectors, and it seems this is one.
Intel explains: “Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.”
What that means is theoretically the flaw can be exploited to pilfer data from running applications, and worryingly, that potentially includes encryption operations, as ZDNet reports. All Intel Core chips are vulnerable regardless of the platform they’re running on.
Moderate severity
The good news is that severity of this attack is only rated as ‘moderate’ by Intel, as it’s tricky to exploit, and also easy to fix. Indeed, modern versions of both Windows and Linux – …read more
Source:: techradar.com – Computing Components