Intel confirms three security flaws in its chips
Top U.S. chipmaker Intel Corp. on Tuesday confirmed that three more severe security flaws were found in some of its microprocessors that could pose potential risks of illegal data access from computer memory.
An Intel sign is seen during the Consumer Electronics Show (CES) 2018 at the Las Vegas Convention Center in Las Vegas, Nevada on January 12, 2018. [Photo: AFP/Mandel Ngan]
Intel said in a technical statement that the security holes in its chips could allow malware and malicious applications to steal sensitive data such as passwords and encryption key from computer memory.
"Today, Intel and our industry partners are sharing more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF)," Intel said.
It said the security vulnerabilities were found and reported by researchers in Katholieke Universiteit Leuven of Belgium, Israel Institute of Technology, U.S. University of Michigan and the University of Adelaide in South Australia.
"We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," said the company.
It said its security team has identified the security flaws that could "impact other microprocessors, operating systems and virtualization software."
Intel said its popular next-generation Xeon processors were among the products affected by the security bugs, which could be exploited with a similar technique like the Spectre and Meltdown flaws disclosed earlier this year.
The world's major chipmaker said it has been working on fixes for the flaws with researchers and other partners, and new updates will be rolled out this year to minimize security risks for its users.
As "bad actors" continuously pursue increasingly sophisticated attacks, "we continue to encourage everyone to take advantage of the latest security protections by keeping your systems up-to-date," Intel said.