Widespread Intel CPU vulnerability may be exploited for data theft

Several generations of Intel x86 CPUs are vulnerable to attacks leveraging the nearly decade-old Downfall flaw, which could result in the exfiltration of encryption keys and other sensitive data, CyberScoop reports. Exploitation of the Downfall vulnerability enables threat actors to disable hardware isolation of different applications' data, according to a study by University of California computer security expert Daniel Moghimi set to be presented at the Black Hat cybersecurity conference. "When you have a vulnerability like this, essentially this software-hardware contract is broken, and the software can access physical memory inside the hardware that was supposed to be abstracted away from the user program," said Moghimi. Intel has already begun efforts to remediate the flaw, which is not yet subjected to in-the-wild abuse, but Moghimi noted that Intel's fix does not resolve the problem's source and detection of any exploitation is challenging. Meanwhile, other experts have likened Downfall to the Spectre and Meltdown CPU vulnerabilities. "While the mechanism is quite different, this technique has echoes of Meltdown/Spectre in that it exploits another workaround Intel has used to speed up the affected chips. It shows the challenge Intel and others have had trying to cushion the blow of Moores Law coming to an end," said Atlantic Council Cyber Statecraft Initiative Director Trey Herr.