Intel chips have another flaw that could let skilled hackers pull sensitive information from microprocessors, Intel and independent security researchers said Tuesday.
The researchers say a flaw in the microprocessors is vulnerable to four new attacks, each of which could capture information like encryption keys and passwords — the building blocks of security for the rest of your computer. The research was reported earlier by Wired, which said the flaw affects millions of PCs.
Multiple researchers spread across more than a dozen different organizations released their findings about the flaw on Tuesday. The flaw is in the same family as the the Meltdown and Spectre flaws announced in 2018, and it has some similarities. First, it affects data stored on your chip that the hardware keeps around to perform tasks more quickly. What’s more, the new flaw requires hackers to get malicious software to run on your device before they can steal information from the chip.
The announcement indicates that this type of flaw, which was novel when reports of Meltdown and Spectre were first announced, is an area of intense research, and experts might continue to find serious chip flaws down the road. Intel and other chip makers face the challenge of addressing flaws that allow these kinds of attacks without sacrificing the performance of their microprocessors.
Intel said in a statement that the best way to protect yourself from attacks targeting this flaw is to keep your system software updated. The flaw has been fixed on Intel Core processors from the 8th and 9th generation, as well as the Intel Xeon Scalable processor family’s 2nd generation. Other chips can be fixed with updates to software called microcode, which solve the problem without having to rewrite the hard coded features of a microprocessor.