Vulnerabilities in Intel Raptor Lake and Alder Lake processors have been discovered that, when exploited by a cybercriminal, allow a new type of cyberattack to be orchestrated, resulting in the theft of sensitive data through the CPU.
Three researchers from the University of California, San Diego, have discovered security breaches within certain processors designed by Intel, report our colleagues at Bleeping Computer. The vulnerabilities affect all Raptor Lake and Alder Lake CPUs, the twelfth and thirteenth generations of Intel Core chips, released in 2021 and 2022, respectively.
The holes are in the Indirect Branch Predictor (IBP) components, which are designed to improve program execution, and the Branch Target Buffer (BTB), which plays a crucial role in optimizing performance. These components are designed to frame Branchesthat is, instructions in a program Who direct the processor to different parts of the code based on certain conditions.
Also read: Intel and “the fall” – billions of processors have a serious security flaw
“Indirector”, the new threat of Intel chips
By exploiting these flaws, an attacker can deploy an attack called “Indirector.” This is a type of offensive referred to as “Branch Target Injection.” It is part of the family of side-channel attacks, just like the famous Spectre and Meltdown flaws that made a lot of noise in 2018. The attack exploits the vulnerabilities of prediction mechanisms branch of processors with the aim of executing malicious code. In this way, an attacker can access sensitive data on the CPU without the computer’s knowledge.
According to the researchers, both branch prediction systems suffer from serious operating flaws, which can lead to incorrect predictions. These mechanisms, considered too predictable, can be easily fooled by an attacker. There are several methods of operation to exploit the flaws and succeed in stealing the data. These “vary by machine”the researchers note in their technical report. The attack is considered sophisticated and highly precise.
Alerted by experts in February 2024, Intel notified all affected hardware and software vendors. In addition, researchers have proposed two mitigation measures to reduce the risk of cyberattacks. Unfortunately, these measures have an impact on CPU performance, so they need to be implemented with finesse. At this time, we don’t know more about the deployment of a possible patch.
To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
Bleeping Computer
