For the third time in less than a year, Intel has revealed a brand new set of vulnerabilities linked to the speculative functionality of its processors. On Monday, the company announced it would issue a software update “within the coming weeks” that can fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This newest update appears after the company issued two separate patches in May and November of last year.
Compared to the MDS flaws Intel addressed in these two earlier patches, these latest ones have a few limitations. To begin, one of many vulnerabilities, L1DES, doesn’t work on Intel’s newer chips. Moreover, a hacker cannot execute the assault utilizing a web browser. Intel additionally says it is “not conscious” of anybody taking advantage of the flaws exterior of the lab.
Nonetheless, like when the company issued its second MDS patch in November, safety researchers are criticizing Intel for its piecemeal strategy. “We spent months trying to persuade Intel that leaks from L1D evictions had been doable and needed to be addressed,” the international team of computer scientists that discovered the flaw wrote on their website. In an addendum to their unique paper, there is a sense of exasperation with the company.