Intel disclosed Tuesday three chip vulnerabilities that could allow access to sensitive computer memory data, according to a company blog post.
Why it matters: It’s a trend in the chip market. In January, security researchers unveiled a decade-long vulnerability that would let hackers steal information from almost every modern device, server, and smartphone. Axios' Ina Fried messages from vacation: "When Intel disclosed those flaws, it was clear that it was a whole new category of vulnerability that we were likely to see more of. Now we are."
- The flaws revealed this week, known as L1 Terminal Fault (L1TF) flaws, could allow nefarious actors to access a data cache that shows what processors are most likely to do next.
- The severity of the flaw is rated as "high" based on the National Vulnerability Database standards. Intel sells over 90% of the processors used in data centers and corporate clouds.
- The company says it is not aware of examples of the gaps being exploited, but it has released updates to patch the issue.
What they're saying:
- Microsoft: A Microsoft spokesperson said fixes to the gaps have been issued.
- Red Hat tells Axios it has several products affected, including Red Hat Enterprise Linux 5, 6 and 7 as well as 13 other products.
- AMD claims it is not susceptible.
- Arm Cortex cores are not affected by the attack, according to a spokesperson.
- Apple has not returned request for comment.
What's next: "The datacenter market doesn’t switch overnight," per Kevin Krewell, a principal analyst at TIRIAS Research. For now, "the processor vendors like Intel...can go back in and change their processor designs going forward," he said.
- Yes, but: The disclosure of these flaws this year has opened up a whole new field of research that wasn't tapped into before, per Krewell. As a result, "expect to see more of these coming out over time," he told Axios.
