Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018.
German magazine c’t reported on Thursday that the new security flaws in Intel CPUs have been reported to the manufacturer by many different teams of researchers. While the magazine held back on reporting exact details about the vulnerabilities, it says that they are caused by the “same design problem.”
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers,” An Intel spokesperson told Threatpost. “We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”
According to c’t, each of the eight vulnerabilities has its Common Vulnerabilities and Exposures (CVE) number reserved, along with corresponding patches. Four of these flaws are classified as “high risk,” and the remaining are rated as “medium,” the magazine stated. One of the flaws touts a significantly higher threat potential than that of Spectre, as it essentially simplifies attacks across system boundaries. Making matters worse, one of the flaws – more so than Spectre – can be easily exploited for attacks across system boundaries, according to the publication.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street