Intel Processor Found New Vulnerability Affecting 2, 4 6th Generation Core Processors

While processor processors Meltdown and Spectre vulnerabilities before processor maker Intel have not yet completely subsided, according to a report by a professional media “scmagazine” that specializes in information security abroad, some researchers have found new ones on Intel’s processors. The vulnerabilities. Moreover, this new vulnerabilities will not be able to completely fix this vulnerability with the previous Meltdown and Spectre patches.

The report pointed out that four researchers from several famous universities in the United States stated that they discovered a new attack method and called this loophole 'BranchScope'. 'BranchScope' is not exactly the same as previous Meltdown and Spectre. The similarity between each other is that the attack is initiated through branch prediction in the processor. This makes it possible to obtain sensitive information directly from the user through the 'BranchScope' vulnerability.

The researchers successfully verified the 'BranchScope' vulnerability on three different generations of Intel processors: i7-2600, i7-4800MQ and i5-6200U. This shows that the Intel Core 2nd generation Sandy Bridge processor, 4th generation The Haswell processor, and the sixth-generation Skylake processor failed to immunize the vulnerability. In addition, researchers are currently testing AMD processors.

Other foreign media reports stated that the researchers pointed out that the existing security fixes and microcode update smart protection against attacks from 'BranchScope' still require further measures to be fully immune. However, the 'BranchScope' channel attacks this method and Not widely used with Meltdown and Spectre vulnerabilities. Therefore, it still takes a long time for attackers to actually exploit these vulnerabilities, exploit hardware, and obtain sensitive information from users. Until then, there is still enough time to study the corresponding protections. Measures.

Intel, on the other hand, remained optimistic about the hazards of the vulnerability. Intel issued a statement stating that they have been working with these researchers and have determined that the problems they described are similar to previous channel attacks. Therefore, we believe that the existing Software restoration solutions are equally effective for channel attacks. We also believe that close cooperation with the research community is one of the best means for protecting users and their data, and it is also very much appreciated for the work of these researchers.