For the third time in a year, h Intel reveals the existence vulnerabilities in its processors. The company said yesterday it plans to release one new software update "in the coming weeks". New information will correct two Zombieload vulnerabilities (or microarchitectural data sampling-MDS). The two previous releases were released in May and November of last year.
Current vulnerabilities do not seem to be as dangerous as those corrected by the previous ones patches. The reason is that there are some limitations. Initially, one of the two vulnerabilities, h L1DES, does not affect the latest Intel chips. In addition, it is not possible to attack using a web browser. According to Intel, there is no evidence that the vulnerabilities were used by anyone outside the lab.
However, the researchers security criticize Intel for the "fragmented approach" that follows in correcting vulnerabilities. The company does not immediately respond to any correction. This also happened with the correction of vulnerabilities in November. "For months we have been trying to persuade Intel that attacks via L1DES were possible and that the vulnerability had to be corrected," the international team of computer scientists wrote on its website. They were the same researchers who discovered the vulnerability.
Researchers seem particularly annoyed with Intel. They wrote that vulnerabilities should be corrected immediately, while stressing that current strategies The company's resolve to resolve these issues is questionable.
Intel undermined bad criticism, saying that it has taken care to reduce the risk of these vulnerabilities for its processors. “From May 2019, starting with Microarchitectural Data Sampling (MDS) and then in November with THE A, we and our partners have received meters which have reduced the chances of an attack, ”said an Intel spokesman. “We continue to carry on research in this field - both internally and in collaboration with the external research community. "