August 9, 2024 at 08:33AM The 2018 Spectre and Meltdown vulnerabilities exposed computer memory as a target for hackers to inject code and steal data. To address this, Microsoft is transitioning system applications to the Rust programming language for memory safety, while chip makers established the CHERI Alliance to create secure hardware architecture. Challenges include … Read more
July 26, 2024 at 10:16AM Academic researcher Daniel Gruss emphasizes that chip vulnerabilities like Spectre and Meltdown could have been resolved earlier if chip makers took reports more seriously. He and Intel’s Anders Fogh are addressing past and future vulnerabilities at Black Hat USA 2024, highlighting the collaboration between researchers and chip makers to counter … Read more
February 29, 2024 at 02:28PM The MITRE-led CWE program added four new microprocessor-related weaknesses, including exposure of sensitive information during transient execution and data leaks tied to microarchitectural structures and incorrect data forwarding. These vulnerabilities help processors address major issues like Meltdown and Spectre and contribute to a common language for discussing microprocessor weaknesses in … Read more
November 9, 2023 at 05:28PM A lawsuit has been filed against Intel by PC buyers who claim the company failed to address faulty chip instructions that led to the Downfall vulnerability. The lawsuit alleges that Intel knew about the susceptibility of its AVX instruction set to side-channel attacks in 2018 but only fixed the defect … Read more
October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more
October 26, 2023 at 01:47PM University researchers have developed a new exploit called iLeakage that can steal information from Apple Macs, iPhones, and iPads. The exploit targets Apple’s Safari browser and can steal secrets such as Gmail inbox data, text messages, and watch histories from YouTube. It can be launched against devices running Apple’s A-series … Read more