About Intel Security Flaw:
Downfall is a security weakness that affects Intel processors and could allow a malicious person to obtain private and sensitive user data from users’ computers. Intel is currently putting out solutions to remedy the vulnerability on impacted devices. The vulnerability was found by a California-based researcher and reported to Intel, enabling the company to fix the problem before the specifics were made public online.
Older Intel CPUs from 2015 are susceptible right now, in contrast to the company’s more modern chips, and a microcode update will be applied to these models to address the potential information leak.
Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel
– Practical to exploit (POC/Demo)
– Defeat all isolation boundaries (OS, VM, SGX)
– Bypass all Meltdown/MDS mitigations.https://t.co/udgnfAWCE2 pic.twitter.com/mZvsAs5uRl— Daniel Moghimi (@flowyroll) August 8, 2023
According to a post on the Intel Security website, the chipmaker has given the problem a “Medium” security grade and will release a software sequence and a firmware update to address the security flaw.
The software update is optional. Customers using PCs with Intel’s sixth-generation Skylake processors through its eleventh-generation Tiger Lake processors are vulnerable. The issue does not impact the chips from Alder Lake, Sapphire Rapids, or Raptor Lake.
The weakness, known as “Downfall” by Daniel Moghimi, the Google security researcher who found it, is capable of circumventing security measures put in place by the chipmaker for the operating system, virtual machine, and Intel’s Software Guard Extensions.
Moghimi utilized the Gather instruction, which facilitates access to data that is dispersed throughout the device’s memory, to identify the problem and create a proof of concept that was shared with the business in order to design a patch.
The researcher goes on to say that prior problems like Meltdown and Microarchitectural Data Sampling (MDS) can still be exploited via the Downfall vulnerability, despite Intel’s previous attempts to repair them.
According to Moghimi, Intel is distributing microcode upgrades to protect its older chips from the weakness that may let an attacker take arbitrary data from the Linux Kernel, 128-bit and 256-bit AES keys from another user, and even spy on printable characters.
According to Moghimi, the Downfall vulnerability is “highly practical” and it only took two weeks to construct an end-to-end attack to steal encryption keys from OpenSSL, an open-source encryption library. Due to the fact that the vulnerable chips were just introduced in 2014, users have been exposed to Downfall for at least nine years.
Also Read: Covid: Has It Returned to India? Why Now Is Not the Time to Panic, But Take Precautions
