Oh no.
If you get caught we’ve never met.
This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.
So just continue not letting people use my computer, got it. Very simple fix.
It appears that users in this case include agents such as software. A bit confusing for the general public.
For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.
It can theoretically even be exploited via a browser:
[Q] What about web browsers?
[A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.
According to him, billions of Intel processors are affected, which are used in private user computers as well as in cloud servers.
Update: Intel’s Downfall was closely followed by AMD’s Inception, a newfound security hole affecting all Ryzen and Epyc processors.so both desktop and server chips are affected on both cpu manufacturers products. can’t take any measures if your password is online on some server.
From what I’m reading, Inception is a pretty minor vulnerability, especially compared to downfall.
I was going to say, AMD had a flaw of similar severity. And they won’t have a fix for a few months for most affected CPUs, and that fix will likely incur a loss in performance.
Basically it sounds like both of these flaws are due to the security chip. I can’t help but feel like these flaws are by design. /tinfoil
Downfall was disclosed to Intel a year ago but was on embargo until this week. Can’t help but suspect that Intel waited for AMD to be impacted by a similar event to reveal downfall
Anyway.Run AMD.…All Ryzen and Epyc processors were found to have a very similar bug not too long ago, it’s actually addressed in the article. You might want to read it…
Here is a good write-up of Zenbleed for the Ryzen 2 and up vulnerability. It uses similar register optimisation and speculative execution to get the same effect.
Here we go again…
They really should be recalled like they were forced to when the fdiv bug happened https://en.wikipedia.org/wiki/Pentium_FDIV_bug
deleted by creator