There is a serious security flaw in billions of Intel CPUs that can let attackers steal confidential data like passwords and encryption keys. Firmware updates can fix it, but at a potential significant performance loss.

Oh no.

  • chicken@lemmy.dbzer0.comEnglish
    3·
    1 year ago

    This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer.

    So just continue not letting people use my computer, got it. Very simple fix.

    • salient_one@lemmy.villa-straylight.socialEnglish
      2·
      1 year ago

      It appears that users in this case include agents such as software. A bit confusing for the general public.

      For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

      Official website

      It can theoretically even be exploited via a browser:

      [Q] What about web browsers?

      [A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.

      FAQ at the official website

  • TimeMuncher2@kbin.social
    1·
    1 year ago

    According to him, billions of Intel processors are affected, which are used in private user computers as well as in cloud servers.
    Update: Intel’s Downfall was closely followed by AMD’s Inception, a newfound security hole affecting all Ryzen and Epyc processors.

    so both desktop and server chips are affected on both cpu manufacturers products. can’t take any measures if your password is online on some server.

    • June@lemm.eeEnglish
      1·
      1 year ago

      From what I’m reading, Inception is a pretty minor vulnerability, especially compared to downfall.

    • TWeaK@lemm.eeEnglish
      1·
      1 year ago

      I was going to say, AMD had a flaw of similar severity. And they won’t have a fix for a few months for most affected CPUs, and that fix will likely incur a loss in performance.

      Basically it sounds like both of these flaws are due to the security chip. I can’t help but feel like these flaws are by design. /tinfoil

    • circuscritic@lemmy.caEnglish
      1·
      1 year ago

      …All Ryzen and Epyc processors were found to have a very similar bug not too long ago, it’s actually addressed in the article. You might want to read it…

      • xaera@sh.itjust.worksEnglish
        1·
        1 year ago

        Here is a good write-up of Zenbleed for the Ryzen 2 and up vulnerability. It uses similar register optimisation and speculative execution to get the same effect.