loader gif

Newly discovered ‘SPOILER’ vulnerability found affecting all Intel CPUs

intel,chip,inside,processor,computer,microprocessor,semiconductor,board,chipset,circuit,desktop,digital,early,editorial,electronic,hardware,historical,illustrative,maker,microchip,motherboard,old,pc,technology
  • The flaw can be even more dangerous than the infamous Spectre vulnerability.
  • The ‘SPOILER’ flaw takes advantage of speculative execution in order to reveal memory layout data.

Experts have warned about a new major security vulnerability that impacts all Intel processors. Identified as ‘SPOILER’, the flaw can be even more dangerous than the infamous Spectre vulnerability.

What is SPOILER - SPOILER was detected by researchers at Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany. The new flaw bears some similarities to Spectre attacks were revealed last year. However, the team notes that “Spoiler is not a Spectre attack."

The ‘SPOILER’ flaw takes advantage of speculative execution in order to reveal memory layout data. This makes it easy for the attackers to launch other attacks such as Rowhammer, cache and JavaScript-enabled attacks.

“The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available,” said Ahmad Moghimi, one of the researchers in the research paper.

How can it be exploited - The flaw can be exploited by either injecting malicious JavaScript into a web browser tab or by running malware on the system or by any illicit logged in users. The researchers further note that the leakage can be exploited only by a limited set of instructions and is visible in all generations of Intel. It also works from within virtual machines and sandboxed environments.

Intel was aware of it - Intel was informed of the findings in early December. However, it did not respond immediately. The company believes that such issues can be addressed by employing side channel safe software. Such software will avoid control flows that are dependent on the data of interest, Techradar reported.

loader gif