Dutch researchers find serious vulnerability in Intel chips
Researchers from the Vrije Universiteit in Amsterdam found a serious security vulnerability in commonly used processor chips made by Intel. The vulnerability makes it possible to read data processed by these CPUs. "Everything that the CPU actively uses can be leaked", researcher Herbert Bos said to NU.nl. "So that's everything you do on your computer."
The vulnerability is present in almost all modern servers, desktops and laptops that are equipped with an Intel processor, but not in smartphones and tablets with Intel chips. If someone exploits the vulnerability, they can read all kinds of data that the processor is processing, including things like credit card details and passwords.
"To leak that data, it is only necessary to run a specific program code on the victim's processor", Bos explained to the newspaper. This program code can end up on a victim's computer if they visit a website with a rogue Java Script ad or install malicious software, for example.
Microsoft and Apple are releasing updates for their Windows and macOS processing systems, Bos said. He advises users to install these updates as quickly as possible to eliminate "many of the problems". Whether a software update will be enough to fix this hardware problem, he would not say due to agreements with Intel, according to NU.nl.
The Amsterdam researchers coordinated the publication of the vulnerability they found with the publication of similar findings from other researchers around the world. The findings were published in agreement with Intel, so that the American chip maker can investigate and close the vulnerabilities.
"These vulnerabilities are all related", Bos said to NU.n. "It is an example of multiple vulnerabilities with the Intel chips that eventually end up under the same umbrella." The vulnerabilities all make it possible to read data processed by Intel chips, the differences in the findings only have to do with where on the chip it happens, he said.