New flaw in Intel processors can be exploited in a similar way to Spectre
Fortunately it’s a much less serious vulnerability, though
A new security vulnerability has been found in Intel’s family of Core processors, along similar lines of the major Spectre bug that has been making headlines all year. Thankfully, this one appears to be less severe – and is already patched in modern versions of Windows and Linux.
The freshly-discovered hole is known as the ‘Lazy FP state restore’ bug, and like Spectre, it is a speculative execution side channel attack. Just a few weeks back, we were told to expect further spins on speculative execution attack vectors, and it seems this is one.
Intel explains: “Systems using Intel Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel.”
What that means is theoretically the flaw can be exploited to pilfer data from running applications, and worryingly, that potentially includes encryption operations, as ZDNet reports. All Intel Core chips are vulnerable regardless of the platform they’re running on.
Moderate severity
The good news is that severity of this attack is only rated as ‘moderate’ by Intel, as it’s tricky to exploit, and also easy to fix. Indeed, modern versions of both Windows and Linux – that includes Windows 10 and Windows Server 2016, and any Linux distro which employs the Linux 4.9 kernel or better – are believed to be safe from this vulnerability already.
OpenBSD and DragonflyBSD are also bulletproof, plus a fix has already been issued for FreeBSD.
Windows 2008 Server users, however, will need to install a patch to protect themselves. And despite this not being rated as a critical vulnerability, you’ll certainly want to get things patched as soon as possible.
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
As we’ve already mentioned, there are likely to be more of these speculative execution side channel attacks discovered, and 2018 is set to be a lively year on the security front, to say the least.
- We’ve picked out the best laptops of 2018
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).