Foreshadow: Intel chips face new security exploit after troubling Meltdown, Spectre
Intel says it is working with operating system vendors, equipment manufacturers and other partners to fix the new security flaw.
Intel, one of the biggest chipset companies in the world, has come under scanner over a new serious security flaw found in its processors. Called "Foreshadow", the loophole allows hackers to access information from supposedly secure virtual vaults in Intel chips. The chipset company said it had already released software updates and that it did not appear anyone had taken advantage of the vulnerability.
The latest vulnerability in Intel chips comes months after troubling "Meltdown" and "Spectre" flaws exposed in computer chips early this year. Security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices and ARM Holdings.
"If used for malicious purposes, this class of vulnerability has the potential to improperly infer data values from multiple types of computing devices," Intel said on its website.
Its commonly used Core and Xeon processors were among the products that were affected, the company said.
"Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods," it said.
The "Meltdown" and "Spectre" flaws roiled the Silicon Valley chip maker, prompting a series of lawsuits and a congressional inquiry about Intel's handling of the matter
"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," Intel executive vice president and general manager of product assurance and security said of "Foreshadow" in a post on Intel's website.
"Once systems are updated, we expect the risk to consumer and enterprise users running non-virtualized operating systems will be low."
(with inputs from HT Correspondent, Reuters)