Aug 15, 2018

Intel reveals 3 more chip vulnerabilities

Intel logo in blue.

Photo: Alexander Koerner/Getty Images

Intel disclosed Tuesday three chip vulnerabilities that could allow access to sensitive computer memory data, according to a company blog post.

Why it matters: It’s a trend in the chip market. In January, security researchers unveiled a decade-long vulnerability that would let hackers steal information from almost every modern device, server, and smartphone. Axios' Ina Fried messages from vacation: "When Intel disclosed those flaws, it was clear that it was a whole new category of vulnerability that we were likely to see more of. Now we are."

  • The flaws revealed this week, known as L1 Terminal Fault (L1TF) flaws, could allow nefarious actors to access a data cache that shows what processors are most likely to do next.
  • The severity of the flaw is rated as "high" based on the National Vulnerability Database standards. Intel sells over 90% of the processors used in data centers and corporate clouds.
  • The company says it is not aware of examples of the gaps being exploited, but it has released updates to patch the issue.

What they're saying:

  • Microsoft: A Microsoft spokesperson said fixes to the gaps have been issued.
  • Red Hat tells Axios it has several products affected, including Red Hat Enterprise Linux 5, 6 and 7 as well as 13 other products.
  • AMD claims it is not susceptible.
  • Arm Cortex cores are not affected by the attack, according to a spokesperson.
  • Apple has not returned request for comment.

What's next: "The datacenter market doesn’t switch overnight," per Kevin Krewell, a principal analyst at TIRIAS Research. For now, "the processor vendors like Intel...can go back in and change their processor designs going forward," he said.

  • Yes, but: The disclosure of these flaws this year has opened up a whole new field of research that wasn't tapped into before, per Krewell. As a result, "expect to see more of these coming out over time," he told Axios.
Go deeper