Intel finds another chip exploit

Intel, the biggest maker of computer processors, said it found another way to attack computers related to the chip security flaws announced earlier this year.

The means to protect against the vulnerability is already in place and there is no evidence of it having been used to hack computers, Intel said in a statement on its website.

“We have not seen any reports of this method being used in real-world exploits,” the company said in the statement. “Moreover, there are multiple ways for consumers and IT professionals to safeguard their systems against potential exploits, including browser-based mitigations that have already been deployed and are available for use today.”

Earlier this year, there was widespread concern in the computer industry after the revelation by researchers at Google of ways to use features of microprocessors to gain illicit access to data such as encryption keys and passwords that were thought to be safely guarded by hardware. The Spectre and Meltdown vulnerabilities led to frantic work by Intel and its computer-maker partners to put in place software code to protect systems.

The world’s second-biggest chip maker was forced to apologise and explain that the mitigations may slow down machines in some circumstances. Since then there have been no reports of the vulnerabilities being exploited and, importantly for investors, no evidence that security concerns have affected computer purchases.

The new variant is related to the previous Spectre and Meltdown flaws, Intel said. A potential way to exploit the vulnerability would be to try to access information via code run inside a Web browser. Fixes for the original issues should have already closed off this avenue to those trying to gain illicit access, the company said. Nonetheless, Intel has created more code to make machines more safe. In tests, computers may be slowed down by 2-8% if the patches are used, Intel said.

AMD, Intel’s main rival in computer microprocessors, said it hasn’t identified any AMD x86 products susceptible to the vulnerability. ARM Holdings, whose technology is at the heart of most mobile phones, said the latest Spectre variant impacts a small number of its Cortex-A cores and is mitigated with a firmware update.  — Reported by Ian King, (c) 2018 Bloomberg LP