Massive SPOILER vulnerability affects Intel CPUs

null

Another major security vulnerability is affecting Intel processors, experts have warned.

SPOILER was detected by researchers at Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany, and could be even more dangerous that the infamous Spectre vulnerability.

The new flaw bears some similarities to Spectre, allowing attackers to exploit the way the PC’s memory works to glimpse data from running programs and potentially other critical data which should otherwise not be accessible.

However the team notes that, “Spoiler is not a Spectre attack."

"The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts," the paper adds. "Existing spectre mitigations would therefore not interfere with Spoiler.”

In order to fully infect a system, Spoiler would first need to gain a foothold in a victim's system, which could be achieved through traditional malware or phishing attacks.

The researchers say that Spoiler will require “significant redesign work at the silicon level” to be mitigated, however Intel has hit back at these suggestions.

“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest," an Intel spokesperson told TechRadar.

“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”