Security researchers from Worcester Polytechnic Institute and the University of Lubeck published on March 1 that another vulnerability affecting all Intel-based computers including Apple’s Mac has been discovered.
The function, which is dubbed ‘spoiler,’ of Intel’s processors, deals with speculative execution, a technique that’s able to figure out how virtual and physical memory are related by measuring the timing of speculative load and storage operations performed by the processor. it has been discovered that in this function is a vulnerability that has been present since the very first processor was developed.
And it gives access to hackers, when they are able to spot these discrepancies in timing, to determine memory layout and thus enables them to know areas to attack.
Also researchers report that no software correction can completely eradicate this problem at this time. They also believe that even if the architecture of the chip is fixed it will affect the chip’s performance.
This vulnerability was reported to Intel last December 1, 2018 and after the usual 90 day period this information was disclosed to the public. A CVE number has not been issued so far. CVE numbers are assigned to a list of information security vulnerabilities and exposures, providing a common name for public known problems as an easy reference in interactive communications.
Daniel Moghimi, a researcher to the report, speculates that the vulnerability issue is not easily patchable and that a patch to the area vector that could be attacked may take years to develop.
Researchers noted that iPhones and iPads are not susceptible to the attacks because they are protected with ARM and AMD processors cores. Thus only computers with Intel processor chips are vulnerable.
Over a year ago, in January of 2018, vulnerabilities in speculative execution functions were found and referred to as Spectre vulnerabilities.
This affected both Intel processors as well as ARM versions which included MacOS and iOS devices. Apple however, was quick to release corrections and defend against any vulnerabilities to hacker attacks.
The ‘Spoiler’ vulnerability is similar but different from ‘Spectre’ and makes it a completely separate vulnerability.