According to a publication of the German tech websiteσελίδας heise.de, οι επεξεργαστές της Intel επηρεάζονται από οκτώ νέες vulnerabilities “Specter-class”.
The website says that the bugs have already been assigned CVE IDs and that at least one of them will be disclosed by Google's Project Zero on May 7, a day before the Patch Tuesday of Microsoft.
The site reports that it has concrete evidence that Intel processors are vulnerable to new vulnerabilities and that AMD processors may also be vulnerable. According to the publication, it is now reported that further investigations are being conducted on the latter.
Meanwhile, Intel issued a statement entitled "Troubleshooting Additional Security Issues".
"Protecting our customers' data and ensuring the safety of our products are critical priorities for us. We work closely with customers, partners, other chip makers and researchers to understand and mitigate any issues identified, ”says Leslie Culbertson, Intel vice president.
We strongly believe in the value of coordinated disclosure and we will share additional details about possible issues as we complete our investigations. As a best practice, we continue to encourage everyone to keep their systems up to date.
According with Heise, four of the vulnerabilities points έχουν χαρακτηριστεί “υψηλού κινδύνου” και, όπως συμβαίνει με τα ελαττώματα του Spectre που διαπιστώθηκαν στο παρελθόν, επηρεάζουν τους παρόχους cloud λόγω της δυνατότητας επίθεσης σε ένα κεντρικό σύστημα από μια εικονική μηχανή, επιτρέποντας στον εισβολέα να αποκτήσει κωδικούς πρόσβασης από τη μνήμη του κεντρικού υπολογιστή.
Let's remind that the Specter Variant 2 defect affected Cloud companies because it could be used to bypass the hypervisor. Its repair required microcode updates from Intel and AMD.
Heise reports that although the first Spectre vulnerabilities were difficult to exploit, 8 novices can be more easily used.
It should also be mentioned that Intel has not yet confirmed that it is trying to repair the specific vulnerabilities.
Intel's press release without algae for silk ribbons