Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data [Updated]

[Joesmith13245]

NSA must have found another vulnerability to exploit for this to be released.

 

[alphaod]

Maybe it's good that China doesn't want to run government and state-owned institutions using US-made processors.

 

[Sasparilla]

Shading AMD is just another Intel cheap shot. That company has problems.

According to the article there are 2 bugs. They are both horrible. The worst is just Intel and ARM and can be patched. The next worse (applications can access other applications in memory - i.e. read what's going on as you paste in your passwords) affects Intel, ARM and AMD - with no solution available.

Intel is spinning this by just talking about the 2nd bug - affecting everyone.

 

[skinned66]

I'm noticing how few of the people outraged by Apple and pledging to buy PCs are in this thread being outraged.

I'm noticing that the usual apologists have nothing to apologize for this time.

 

[tipoo]

Bit of a swerve from Intel. Only the weaker, far less probable flaw impacts AMD, while the more severe flaw impacts Intel. They word it as if they're both equally bad off.

 

[nt5672]

Or .... NSA paid them to keep their mouth shut and look the other way until it comes out on its own and then just claim "oops, sorry"

Close, the NSA does not pay people or companies, they use the FBI to threaten them with a secret warrant, they keep the info to themselves, or then just plain break the law. In any case Intel, was either ignorant of this or they were forced to ignore it. Intel has no other incentive to just not fix it in the next generation.

 

[MacHiavelli]

And some people still think cryptocurrencies can’t be hacked, stolen, copied, or duplicated. Nothing is secure.

1 Bitcoin = 0 Dollars

 

[Glideslope]

NSA must have found another vulnerability to exploit for this to be released.

What’s left of the NSA with the flood of hackers leaving for private firms.

 

[leman]

So, I looked through the relevant papers, and I don't see how this is a bug. They are using side-channel attacks (which have been known for quite some time) which very smartly exploit certain properties of how the CPUs work. But these CPUs are not "broken". Clearly, people who have designed the system didn't think that it could be abused in this way. Basically, the attack method is similar to measuring vibrations in a wall of a building neighbouring to a bank in the hope to recover the pin configuration when a banker is opening the vault.

There are two fundamental issues that I see here:

- Cache flush instructions, which don't really serve any practical purpose for non-system code but are basis to statistical methods employed by these attacks
- The fact that operating systems carelessly map kernel memory for all processes, even if this memory is mapped as read-only

From what I understand, simply rendering the cache clear instruction inoperable (which can be done via a microcode update), these attacks won't work anymore. But maybe I am missing something big.

 

[cube]

ARM does make processors that use x86, or at least let x86 be used on them. So that is why they would be affected by it

ARM does not have an x86 license. Their vulnerability has nothing to do with it.

 

[MacBH928]

So what will happen to my older iOS devices that I can not upgrade to newer OS's?
What about my iPhone 7 that is still on iOS 10 and currently I have my reasons not to upgrade to iOS 11

 

[nt5672]

Flaw? Or intentional backdoor?

I don't think these flaws are intentional backdoors designed by Intel. Why? Because it makes no sense. Intel and anyone not brain dead knows that when, not if, this comes to light it will be a big hit to their brand. Companies do not do take big hits if they have a choice.

Now maybe 10 years ago, when security was not considered as important as today, it may have been a security versus speed decision. That makes sense. It could also be that the people/management that made this decision left intel and the tech was just copied from company to company.

It also could have been an NSA employee working at Intel that installed this. That also makes some sense as it is a read only type bug. That fits the NSA perfectly and no one would have told Intel.

It could also have been incompetence, that makes sense. We see that at Apple right now.

Early in my engineering career, I was told a quote something like, "Never blame something on malice when it can be adequately explained by incompetence." I have to say that has been proven over and over again in my career. So my experience indicates that this is just simply incompetence on Intel's part.

I'll also bet the NSA has known about this for years and instead of protecting America, they kept the knowledge to themselves. They have no incentive to tell Intel or anyone else about this flaw because it can used to protect/hurt the U.S. political elite (both parties) and to screw with worldwide politics/events.

 

[citysnaps]

NSA must have found another vulnerability to exploit for this to be released.

I sure hope so.

 

[skinned66]

So what will happen to my older iOS devices that I can not upgrade to newer OS's?
What about my iPhone 7 that is still on iOS 10 and currently I have my reasons not to upgrade to iOS 11

Expect the worst so you can be pleasantly surprised if it happens.

 

[justperry]

... Who use Intel, AMD and ARM powered computers/devices.

You do know that many intel and Military systems are x86 systems running Windows right? Other run some type of unix,or linix. I am sure that there are some Macs as well.

There are (plenty) of different CPU architectures, ones that are not affected by this.

Forgot to mention, you do realize many of those systems run on Intel CPUs right? Not consumer but the server side ones. Not to mention, the Intel scientific CPUs that are not even out for servers.

They might run on SPARC and IBM's S390, ones that are not affected amongst plenty others.

 

[Firebrand]

At least those running DOS 6 and Windows 3.1 on a 486 are safe.

Back to Sierra gaming then ;-)

 

[grandoflex]

Back to Sierra gaming then ;-)

Time to dig my MegaDrive out of the attic!

 

[nt5672]

Maybe it's good that China doesn't want to run government and state-owned institutions using US-made processors.

Maybe it would be better if Americans did not run their personal life with US-made processors.

 

[cfurlin]

More conspiracy theories on MacRumors than on the X-Files, lol.

They should just change the logo here to a tin-foil hat.

 

[Opi-Poi]

It would be really helpful if there was a link on the main page of MacRumors to clarify which systems are affected and if a update is available rather than having to trail though forums and tech release notes to find out urgent info like this. Still unsure if I'm ok.

Ideally it would be best from Apple’s website but we know that's not going to happen.

Kinda intrigued by the surprises that are coming that devs are talking about. Hmmmm.



Mac Mini Late 2009 3.1 / OSX 10.11.6 / Sept 17 Sec Upd

 

[cfurlin]

So we have the same “flaw” in two different chip architectures. ..... I stand firm that this was a three letter agency backdoor.

You should ask the king of the demon unicorns who lives in the faery woods. He know ALL things.

 

[Kes.Siebring]

I wonder how long Intel has known about this flaw.

IMO more interesting is how long did gov agencies knew about this.

/putting_on_tin_foil_hat
NSA told Intel to design this flaw /s

 

[iosuser]

That's more or less Intel's logic per their response - attackers can only read the entire memory content but not delete or modify it

 

[leman]

IMO more interesting is how long did gov agencies knew about this.

Probably for a very long time. Techniques like these were known for a while. I don't think they are very practical for large-scale generic attacks, but great for targeting individual computers where you know what you are looking for.

NSA told Intel to design this flaw

Unlikely. You don't really design a flaw like this. It emerges naturally. Read the papers

 

[whoispankaj]

Was this a genuine security flaw or something that was intentionally put in to provide back channel and only acknowledged now