Intel and independent security researchers revealed yesterday, Tuesday, 14th May 2019, that the company’s chip had a flaw which could give skilled hackers access to user’s PCs. It means hackers can get access to pull sensitive information from the device’s microprocessor.
The flaw in the microprocessor means that the attacks could potentially capture information like encryption keys and passwords. It can make the building blocks security of your device vulnerable, and it affects millions of PCs.
The flaw according to researchers is similar to the Meltdown and Spectre flaws announced in 2018. It affects data stored on the chip used by the hardware to perform tasks quickly. It also requires hackers to get malicious software to run the device before they eventually steal the information from the chip.
In a statement, Intel says the best way to protect your PC from the attack would be to keep the system software updated. They say they fixed the flaw on Intel Xeon Scalable processor family’s 2nd generation and the core processors from the 8th and 9th generation. Intel says other chips can be fixed with updates to the software. This update, called Microcode, will solve the problem without rewriting the hard-coded features of the microprocessor.
New updates for Intel PCs
In 2018, Intel had its first public meltdown after they discovered the Meltdown and Spectre security flaws. This new vulnerability, called Microarchitectural Date Sampling (MDS), leaves computers vulnerable to eavesdropping hacking attacks. However, Intel learned its lesson from the first Meltdown. The company subsequently found a better way to deal with the problem.
New updates have rolled out to address the security glitch. Intel advises users to update their PCs to eliminate the risk of attacks. This involves all Intel-powered PCs, whether it’s a Windows PC or a MacBook. Business customers operating from the cloud are also advised to check with their service providers. This will help them to ensure that their PC has the latest available security patches installed.
A wide range of researchers from different security firms and universities discovered the flaw. They discovered that there are four distinct ways that hackers can carry out MDS attacks. In the MDS flaw, hackers can access data from the cache. They can access everything like password and credit card information from websites visited. They can also leverage on the MDS to extract decryption keys to an encrypted drive.
Intel has now made a fix that they can deploy through the various operating systems. Apple says the recent Mac OS Mojave operating system and Safari desktop browser update include a fix to the flaw. Mac users can also download the new update to stay protected.
Google also says its recent update has a fix, and Microsoft in a statement says that a fix will be available later today. Microsoft advises its Windows 10 users to download the new update. In the statement Microsoft said,
“We are working to deploy mitigations to cloud services and release security updates to protect Windows customers against vulnerabilities affecting supported hardware chips.”
Amazon web services also deployed its own fixes. It said,
“All EC2 host infrastructure has been updated with these new protections. No customer action is required at the infrastructure level. Updated kernels and microcode packages for Amazon Linux AMI 2018.03 and Amazon Linux 2 are available in the respective repositories (ALAS-2019-1205).”
As it is, the vulnerability did not affect AMD and ARM silicon. However, if your system is on the Intel chip, please apply the latest software patches and run the latest system updates. You should also keep an eye on new updates that might be coming soon.