Solarquest

Moderator
Verified
Staff member
Malware Hunter
Time to reset your “days since last major chip vulnerability” counter back to zero.

Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.
...
...
 

blackice

Level 13
Verified
Time to reset your “days since last major chip vulnerability” counter back to zero.

Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.
...
...
Every time I read one of these vulnerabilities requires physical access I’m glad I primarily use a desktop for personal use. If somebody gets to that, my problems are probably bigger than what they can read in memory off my processor.