'Nearly all' Intel chips have major security flaw

News
By
published

Vulnerability affectes nearly all Intel hardware, Bitdefender says.

(Image credit: Shutterstock)

Researchers have warned thatr Intel hardware may have another major security vulnerability, potentially putting millions of devices around the world at risk.

The security team at Bitdefender claim that "every machine" that uses an Intel processor and that runs Windows, Linux or FreeBSD is impacted by the vulnerability, which comes just months after the hugely damaging Spectre and Meltdown scares.

The company says that both enterprise and home users will be affected, as laptops, PCs and servers are all susceptible to the flaw.

Intel flaw

The vulnerability takes advantage of a flaw in Intel's hardware protection to open up a side-channel attack that would give attackers a way in to access all information in the operating system kernel memory. 

It does so by exploiting a feature known as 'speculative execution', which aims to speed up a device's CPU by getting it to make educated guesses as to which instructions might come next. However speculative execution can leave traces in-cache, which attackers can hijack to gain access into systems and the data within.

This new flaw bypasses all protections implemented after the discovery of Spectre and Meltdown in early 2018, meaning it can affect previously patched systems.

(Image credit: Intel)

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Gavin Hill, vice president, datacenter and network security products at Bitdefender.

“Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in-general.”

Bitdefender says it has worked with Intel to create a fix for the flaw, which is available to download now. 

It added that ecosystem partners such as Microsoft and Linux has also patched the vulnerbaility, but users should ensure their systems are up to date immediately.

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
WhatsApp
WhatsApp just made its AI impossible to avoid – but at least you can turn it off
ChatGPT vs Gemini comparison
I compared GPT-4.5 to Gemini 2.0 Flash and the results surprised me
Apple iPhone 16 Plus
Apple officially delays the AI-infused Siri and admits, ‘It’s going to take us longer than we thought’
The Meta Quest Pro on its charging pad on a desk, in front of a window with the curtain closed
Samsung, Apple and Meta want to use OLED in their next VR headsets – but only Meta has a plan to make it cheap
AMD Ryzen 9000 3D chips
AMD officially announces price and release date for Ryzen 9 9900X3D and 9950X3D processors
Google Pixel 9
There's something strange going on with Google Pixel phone vibrations after the latest update
More about security
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Cryptocurrencies

Ransomware’s favorite Russian crypto exchange seized by law enforcement
Reliance Corporate Park (RCP), Navi Mumbai

'Who wants to be a billionaire?': Millions will get app to 'build high compute AI applications' and get them deployed across India's largest phone network
See more latest
Most Popular
Reliance Corporate Park (RCP), Navi Mumbai
'Who wants to be a billionaire?': Millions will get app to 'build high compute AI applications' and get them deployed across India's largest phone network
WhatsApp
WhatsApp just made its AI impossible to avoid – but at least you can turn it off
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
ChatGPT vs Gemini comparison
I compared GPT-4.5 to Gemini 2.0 Flash and the results surprised me
Brother HL-L2865DW during our review process
Brother denies claims it locked down third-party printer ink cartridges via forced firmware updates
Telo MT1
The anti-Cybertruck? This new electric pick-up is the size of a Mini and the cutest way to haul your gear
Apple iPhone 16 Plus
Apple officially delays the AI-infused Siri and admits, ‘It’s going to take us longer than we thought’
AMD Ryzen 9000 3D chips
AMD officially announces price and release date for Ryzen 9 9900X3D and 9950X3D processors
Microtik RDS2216 data server
This is Amazon's first foray in servers, and certainly not the last: MicroTik franken-router is powered by the AWS Graviton 1 Arm CPU
The Meta Quest Pro on its charging pad on a desk, in front of a window with the curtain closed
Samsung, Apple and Meta want to use OLED in their next VR headsets – but only Meta has a plan to make it cheap