Some of the newest Intel processors could be hit by dangerous new security flaw — Raptor Lake and Alder Lake both affected

News
By published

A fix is already available, so patch now

Alder Lake mobile chips
(Image credit: Intel)

Experts have discovered a new way to run side-channel attacks on some of the latest processors from Intel, and warned if users don’t secure their devices, they risk losing sensitive data to cyber-criminals.

Security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen detailed an attack they named Indirector, which abuses vulnerabilities found in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to work around the chip’s defenses and obtain important data. 

It was said that both Raptor Lake and Alder Lake were susceptible to Indirector.

A patch is available

IBP is a hardware component that predicts the target addresses of indirect branches (control flow instructions). Since the address is computed at runtime, the IBP uses a combination of global history and branch address to predict the target address of indirect branches, the researchers explained. 

In other words, IBPs are vulnerable and allow the attackers to run Branch Target Injection (BTI) attacks which, in turn, grant them the ability to grab sensitive information directly from the unit. To that end, the researchers built a tool called iBranch Locator. 

The researchers tipped Intel off on their findings earlier this year, and while the company acknowledged their discovery, they said that previous fixes address this method, too.

"Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS, and BHI are effective against this new research and no new mitigations or guidance is required," a spokesperson for the company told The Hacker News.

Similar to the Spectre and Meltdown vulnerabilities from a few years back, this method also leans on speculative execution. That is a feature that most modern CPUs use, in which the chips “speculate” the path of a branch and execute instructions ahead of time to improve performance. Patching these types of flaws usually reduce the performance of the processors.

Via TheHackerNews

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
Skull and Bones
Experts warn DNA sequencers are vulnerable to bootkit attacks
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
AMD Ryzen 9950X

I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
See more latest
Most Popular
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now