SECURITY RESEARCHERS claim to have uncovered eight new “Spectre-class” vulnerabilities in Intel CPUs.
The flaws, first reported by German tech site Heise which said it has been given full technical details on the vulnerabilities and said Intrl had reserved Common Vulnerabilities and Exposures (CVE) numbers for them.
According to the website, Google’s Project Zero uncovered one of the flaws, which have been collectively named ‘Spectre Next Generation’ or ‘Spectre-NG’, and will publicly reveal it on 7 May, a day ahead of Microsoft’s Patch Tuesday.
Heise says Intel had classified four of the flaws as “high risk” and the rest as “medium”.
One of the most serious bugs could theoretically let attackers bypass virtual machine isolation from cloud host systems to steal sensitive data such as passwords and digital keys.
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers,” wrote Leslie Culbertson, Intel executive vice president.
“We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up to date.”
Heise claims that some ARM CPUs are also vulnerable to Spectre NG, though notes that it remains unclear if AMD’s processors are also at risk, and if so, to what extent.
AMD said in a statement that it’s “looking into the matter and want to share information as appropriate, adding: “Security and protecting users’ data is of the utmost importance to AMD and we are aware of it speculative execution exploits.”
ARM has yet to comment on the report. µ
Source : Inquirer