Over a year after the Meltdown and Spectre security flaws ravaged the PC industry, Intel has revealed a new, even more serious set of vulnerabilities.
The new flaws are called Microarchitectural Data Sampling, or MDS, and while the processor giant and the security researchers who discovered them have never seen exploits in the wild, they’ve been able to create exploits of their own as a proof of concept.
Though the Intel chipsets released this year include a fix for the flaws, they impact every Intel microprocessor released since 2011, so previous versions will need to be patched. Those patches are already available, but some, depending on the chipset, could slow performance by as much as 19 percent. Worse, the fixes for older chipsets don’t completely mitigate the problems.
The security researchers who worked with Intel have released their own information about the flaws as well, and each has created sample exploits to demonstrate the issues. One group has named their exploits RIDL and Fallout.
“The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites,” notes a new website created by one team of security researchers who notified Intel about the problems.