• Home
  • Laptops
  • Laptops News
  • Intel Downfall Security Flaw Affecting Older Chips Discovered by Researcher, Chipmaker Rolls Out Fixes

Intel Downfall Security Flaw Affecting Older Chips Discovered by Researcher, Chipmaker Rolls Out Fixes

Downfall has impacted users for at least nine years as the affected chips date back to 2014, according to the security researcher who discovered the flaw.

Intel Downfall Security Flaw Affecting Older Chips Discovered by Researcher, Chipmaker Rolls Out Fixes

Photo Credit: Reuters

Downfall can also bypass fixes previously issued by Intel for older flaws like Meltdown

Highlights
  • Intel has issued security fixes for a flaw affecting its older CPUs
  • The Downfall vulnerability affects chips that are up to nine years old
  • Intel revealed details about the security flaws on August 8
Advertisement

Intel processors are affected by Downfall, a security flaw that can allow a malicious user to gain access to sensitive and private user data from users' computers, and the chipmaker is rolling out fixes that patch the vulnerability on affected systems. The flaw was detected by a California-based researcher and disclosed to Intel, allowing the firm to patch the issue before details were published online. Unlike the company's recent chips, older CPUs released by Intel in 2015 are currently vulnerable and these models will receive a microcode update to fix the potential leakage of information.

The chipmaker has assigned a "Medium" security rating for the bug in a post on the Intel Security website, which states that the firm will issue a firmware update and a software sequence — the latter is optional — that is designed to patch the security flaw. Customers with PCs powered by Intel's 6th generation Skylake processors all the way up to the 11th generation Tiger Lake processors are affected by the security flaw. Alder Lake, Sapphire Rapids, and Raptor Lake chips are not affected by the flaw.

Dubbed Downfall by Daniel Moghimi, the Google security researcher who discovered it, the vulnerability is capable of beating boundaries set by the chipmaker for the operating system, virtual machine, and Intel's Software Guard Extensions. Moghimi used the Gather instruction that is used to make it easier to access data that is scattered in the device's memory in order to discover the flaw and develop a proof of concept that was shared with the company in order to develop a fix.

The researcher also explains that the Downfall vulnerability can also bypass fixes previously issued by Intel for older flaws such as Meltdown and Microarchitectural Data Sampling (MDS). Intel is rolling out microcode updates to secure its older processors against the flaw that can allow an attacker to steal arbitrary data from the Linux Kernel, 128-bit and 256-bit AES keys from another user, and even spy on printable characters, according to Moghimi.

Moghimi says the Downfall vulnerability is "highly practical" and that developing an end-to-end attack to steal encryption keys from OpenSSL — and open-source encryption library — took only two weeks. Users have been exposed to Downfall for at least nine years, as the chips affected by the security flaw were released as early as 2014.

“The security researcher, working within the controlled conditions of a research environment, demonstrated the GDS issue which relies on software using Gather instructions. While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update. Recent Intel processors, including Alder Lake, Raptor Lake and Sapphire Rapids, are not affected. Many customers, after reviewing Intel's risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs. In public cloud environments, customers should check with their provider on the feasibility of these switches,” an Intel spokesperson told Gadgets 360.


From the launch of the Infinix GT 10 Pro to Amazon's latest mega-sale, we discuss the most noteworthy technology news events of the week on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Samsung Galaxy A05 Listed on Geekbench With MediaTek Helio G85 SoC, Android 13: All Details
Nothing Phone 2 Receives Nothing OS 2.0.2 Update; Users Complain of Poor Camera Quality: All Details
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »