You’ve probably already dealt with it.
So a number of vulnerabilities in Intel chips exist that allow attackers to steal data directly from the processor. Which is super bad. The good news, though, is that it’s mostly easy for the end user to deal with. Just update your devices and apps.
Even better, most major manufacturers, such as Apple, Microsoft, and the like, have already put out updates to deal with the issue Notably, iPhones, iPads, and Apple watches are not subject to the issue, so no need to worry about those.
Essentially, every Intel chip made since 2011 is affected. The flaw exploits a feature in the chips called “speculative execution”. This flaw would allow an attacker to steal data right from the CPU; this includes valuable data like passwords, browser history, and encryption keys. No one’s sure that anyone has actually exploited the flaw for anything nefarious, yet. But why take the chance?
From the researcher that discovered the flaw:
While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud.
Intel has already patched the problem in future processors. From a statement made to Gizmodo:
[The problem] is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today.
The main takeaway, here, is just… update your stuff. It’s not hard.
Source: Gizmodo