Friday, 24 April 2020 17:02

Intel processor found fatal vulnerability

A team of specialists from American and European universities discovered a new vulnerability in Intel processors. The gap in the system is called Load Value Injection (LVI), the principle of attack with this vulnerability is described on the LVI website. [Lenta.ru]

 

The bug is based on other types of system vulnerabilities, particularly Meltdown. Unlike the hardware problem discovered in 2017, which is based on data retrieval, LVI works on the opposite principle. The vulnerability allows you to embed the attacker 's data into the victim program and perform the necessary operations. With Load Value Injection, the hacker accesses the user 's private information.

Experts have noticed that the new fatal vulnerability extends to Intel processors. In particular, by LVI it can be used on the processors of the family Xeon E5, E3-1200, E7-8800, E-2200, Intel Core of the tenth generation which are based on Ice Lake microarchitecture. Experts clarified that the vulnerability was discovered in April 2019 and was immediately reported to Intel.

The processor manufacturer has already issued appropriate security patches. Scientists believe that a hacker needs local access to the target computer to enter the system, but there is an option to infect the device with a JavaScript through a remote attack. Load Value Injection is fatal, but software patches significantly reduce the likelihood of hacking.

Intel stated that complex conditions are necessary to exploit this vulnerability: "Intel does not regard LVI as a real-world access method if the operating system and virtual machine manager have not been compromised. New recommendations and tools are already available to users, which, combined with previous updates, significantly reduce the overall attack surface. "

In early March, the Russian company Positive Technologies spoke about a new fatal vulnerability for Intel chipsets. The error allows you to change the root key of the hacked platform and access data encrypted on the device. All Intel chipsets released in the last five years are at risk.

Заявка на участие в тренинге
Личные данные

ФИО (англ.яз)
Неверный ввод

ФИО (рус.яз)
Неверный ввод

ФИО (каз.яз)
Неверный ввод

Дата рождения
Неверный ввод

Пол
Неверный ввод

Адрес

Страна
Неверный ввод

Город
Неверный ввод

Улица, дом, квартира
Неверный ввод

Почтовый индекс
Неверный ввод

Бизнес информация

Область деятельности
Неверный ввод

Место работы
Неверный ввод

Должность
Неверный ввод

Контактные данные

Мобильный телефон
Неверный ввод

Домашний телефон
Неверный ввод

Рабочий телефон
Неверный ввод

Электронная почта
Неверный ввод

Skype
Неверный ввод

Уровень образования на время заполнения заявки:
Неверный ввод

ОБРАЗОВАНИЕ (1)

Учебное заведение
Неверный ввод

Факультет
Неверный ввод

Специальность
Неверный ввод

Дата окончания
Неверный ввод

Номер диплома
Неверный ввод

Ученая степень

Дата получения
Неверный ввод

Степень
Неверный ввод

Название и номер документа, удостоверяющего получение
Неверный ввод