
Security: Updates, MDS, WhatsApp and 'The Cloud'

Filed under: Security
  • Security updates for Tuesday
  • Understanding the MDS vulnerability: What it is, why it works and how to mitigate it

    MDS vulnerabilities explained in ~three minutes

  • A deeper look at the MDS vulnerability

    In our last post, Jon Masters offered an overview of the MDS vulnerability. In this video, Jon provides a deeper technical explanation of the vulnerability.

  • SUSE addresses Microarchitectural Data Sampling Vulnerabilities

    Researchers have identified new CPU side channel information leak attacks against various microarchitectural buffers used in Intel CPUs. These attacks allow local attackers to execute code to read out portions of recently read or written data by using speculative execution. Local attackers can be on the same OS or running code on the same thread of a CPU core, which could happen for other VMs on the same physical host.
    Intel, together with hardware and operating system vendors, has worked over recent months to prepare mitigations for these vulnerabilities, also known as RIDL, Fallout and ZombieLoadAttack.

  • MDS: The Newest Speculative Execution Side-Channel Vulnerability [Ed: Faked performance means no security and since there are no rules associated with this, there will be no multi-billion-dollar fines, no mass recalls etc. What an awful industry.]

    Intel just disclosed a new speculative execution side-channel vulnerability in its processors similar to the existing Spectre/L1TF vulnerabilities. This new disclosure is called the Microarchitectural Data Sampling (MDS).

    The Microarchitectural Data Sampling vulnerability was discovered by Intel researchers and independently reported as well by external researchers and is said to be similar to existing speculative execution side channel vulnerabilities. Fortunately, some current-generation CPUs are not vulnerable and Intel says all new processors moving forward will be mitigated. For those processors affected, microcode/software updates are said to be coming.

  • Update WhatsApp now to avoid spyware installation from a single missed call
  • Update WhatsApp Now, Adobe Warning Creative Cloud Users with Older Apps, Kernels Older than 5.0.8 Are Vulnerable to Remote Code Execution, Schools in Kerala Choose Linux and MakeOpenStuff Is Launching the HestiaPi Touch Smart Thermostat

    A vulnerability in WhatsApp allows spyware to be installed from a single unanswered phone call. The Verge reports that the "spyware, developed by Israel's secretive NSO group, can be installed without trace and without the target answering the call, according to security researchers and confirmed by WhatsApp. Once installed, the spyware can turn on a phone's camera and mic, scan emails and messages, and collect the user's location data. WhatsApp is urging its 1.5 billion global users to update the app immediately to close the security hole."

  • How WhatsApp exposed its users to a spyware attack

    Facebook-owned firm confirms that a vulnerability in WhatsApp opened doors for a spyware attack that installs a malicious code on victim's smartphone...

  • Modern IT security: Sometimes caring is NOT sharing

    The last decade of technological advances has seen a race to reduce costs. Migration to virtualized systems quickly eclipsed traditional bare-metal deployments. At some point, virtualization will be out-paced by containerization. While the physical footprint of an organization’s compute resources may have been reduced, the complexity of managing those environments certainly has not.

    Back in the Stone Age of IT operations and information security, everyone’s attention was focused on the corporate datacenter and the physical machines that lived there. It was simpler to understand where security controls needed to be applied. You had one giant cable coming into the building from "the internet," so you’d throw firewalls, Information Data Leak Prevention/Detection (IDP/IDS), proxies, load balancers and other tools in-line before that channel was split to the larger corporate network. This Castle-and-Moat model of protection worked fairly well (ignoring the insider threat) for decades.

    [...]

    Virtualization evolved into "the cloud". TL/DR for everyone out there: the cloud is just someone else’s computer. You used to run it on your server in your datacenter. Move it "to the cloud" and it now runs on Frank’s Discount Cloud and actually sits in his basement in Peoria, Illinois. Cloud enabled individuals and businesses to have a low-cost means to quickly deploy systems and applications. It offered benefits around high availability and other features you’d typically see deployed in Enterprise-class organizations. Instead of ordering physical boxes from your favourite retailer or OEM and having that take weeks to be delivered and weeks more to be configured and deployed, now you call up Frank (say "Hi!" to his mom while she’s down in the server room doing Frank’s laundry) and Frank can have you up and running with computing and storage resources in minutes. Cloud lets you "outsource" a lot of technology and skills you might not have in-house (or have any interest in managing yourself).

Latest on MDS

  • "ZombieLoad": a new set of speculative-execution attacks

    The curtain has finally been lifted on the latest set of speculative-execution vulnerabilities. This one has the delightful name of ZombieLoad; it is also known as "microarchitectural data sampling", but what's the fun in that? Various x86 processors stash data into hidden buffers that can, in some cases, be revealed via speculative execution. Exploits appear to be relatively hard.

  • Ubuntu updates to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities

    Microarchitectural Data Sampling (MDS) describes a group of vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) in various Intel microprocessors, which allow a malicious process to read various information from another process which is executing on the same CPU core. This occurs due to the use of various microarchitectural elements (buffers) within the CPU core. If one process is able to speculatively sample data from these buffers, it can infer their contents and read data belonging to another process since these buffers are not cleared when switching between processes. This includes switching between two different userspace processes, switching between kernel and userspace and switching between the host and a guest when using virtualisation.

    In the case of a single process being scheduled to a single CPU thread, it is relatively simple to mitigate this vulnerability by clearing these buffers when scheduling a new process onto the CPU thread. To achieve this, Intel has released updated microcode which, combined with changes to the Linux kernel, ensures these buffers are appropriately cleared.

    Updated versions of the intel-microcode, qemu and linux kernel packages are being published as part of the standard Ubuntu security maintenance of Ubuntu releases 16.04 LTS, 18.04 LTS, 18.10, 19.04 and as part of the extended security maintenance for Ubuntu 14.04 ESM users. As these vulnerabilities affect such a large range of Intel processors (across laptop, desktop and server machines), a large percentage of Ubuntu users are expected to be impacted – users are encouraged to install these updated packages as soon as they become available.

  • A Slew Of Stable Kernel Updates Issued For Addressing MDS / Zombieload Vulnerabilities

    Following today's disclosure of the new MDS vulnerabilities affecting Intel CPUs, a slew of new Linux kernel stable releases have been issued.

    Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities.

Insecurity firms spread fear over MDS to sell products/services

  • Linux Kernel Flaw Allows Remote Code-Execution

    The bug is remotely exploitable without authentication or user interaction.

    Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel.

    Kernel versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815), which exists in the rds_tcp_kill_sock in net/rds/tcp.c. “There is a race condition leading to a use-after-free [UAF],” according to the CVE description.

The 'insecurity publishers' use scary buzzwords now ("Meltdown")

  • The second Meltdown: New Intel CPU attacks leak secrets

    Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server were not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.

    Since then, the research community found additional "side channel" techniques that could allow attackers to reconstruct secrets without having direct access to them, by analyzing how data passes through the CPU's microarchitectural components during speculative execution.

More on WhatsApp's Flaw

  • On WhatsApp, it may be hackers calling
  • Why it might be time to ditch WhatsApp for Signal or Telegram

    By now you’ve heard the news: WhatsApp is currently rolling out an urgent update to all app users to close a major vulnerability that leaves unpatched phones at risk of being targeted by hackers. WhatsApp is owned by Facebook, and if you plan to stick with the platform, don’t wait for an update notification: access your phone’s app store now to force install the update.

    Except maybe now is the time to go one step further: perhaps it’s the perfect opportunity to switch to a different messaging platform. One that’s not owned by one of the major tech companies, is equally -- if not more -- secure, and which works on more than just your phone. Enter stage left, Telegram, and stage right, Signal.

Linux vs. Zombieload

  • Linux vs. Zombieload

    The researchers have shown a Zombieload exploit that can look over your virtual shoulder to see the websites you're visiting in real-time. Their example showed someone spying on another someone using the privacy-protecting Tor Browser running inside a virtual machine (VM).

    Zombieload's more formal name is "Microarchitectural Data Sampling (MDS)." Its more common name comes from the concept of a "zombie load." This is a quantity of data that a processor can't handle on its own. The chip then asks for help from its microcode to prevent a crash. Normally, applications, virtual machines (VMs), and containers can only see their own data. But the Zombieload vulnerabilities enable an attacker to spy on data across the normal boundaries on all modern Intel processors.

    Unlike the earlier Meltdown and Spectre problems, Intel was given time to ready itself for this problem. Intel has released microcode patches. These help clear the processor's buffers, thus preventing data from being read.

    To defend yourself, your processor must be updated, your operating system must be patched, and for the most protection, Hyper-Threading disabled. When Meltdown and Spectre showed up, the Linux developers were left in the dark and scrambled to patch Linux. This time, they've been kept in the loop.
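The Ubuntu advisory above describes the mitigation (microcode plus kernel changes that clear the buffers on a context switch), and the ZDNet piece boils the defender's checklist down to three items: updated processor microcode, a patched kernel, and, for full protection, Hyper-Threading disabled. Kernels carrying the MDS patches report exactly this state through sysfs, so an inventory job can tell which of the three items is still missing on a host. The following Python is an added example written for this page, not code from any of the articles quoted here: it reads the kernel's report (the `/sys/devices/system/cpu/vulnerabilities/mds` and `/sys/devices/system/cpu/smt/control` files and their status strings follow the kernel's hardware-vulnerability documentation) and turns it into a structured verdict. The sample status lines in `SAMPLES` are constructed, not captured from real machines; the function and field names are this example's own.

```python
"""Classify the Linux kernel's MDS mitigation report (added example).

Kernels that carry the MDS patches (5.1.2, 5.0.16, 4.19.43, 4.14.119,
4.9.176 and later) publish their verdict in
/sys/devices/system/cpu/vulnerabilities/mds and the SMT (Hyper-Threading)
state in /sys/devices/system/cpu/smt/control.  This module turns those
strings into an assessment plus the remediation steps still outstanding:
microcode, kernel mitigation, or SMT.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

MDS_PATH = "/sys/devices/system/cpu/vulnerabilities/mds"
SMT_PATH = "/sys/devices/system/cpu/smt/control"


@dataclass(frozen=True)
class MdsAssessment:
    affected: bool            # CPU model is on Intel's affected list
    buffers_cleared: bool     # kernel + microcode flush the buffers on context switch
    microcode_missing: bool   # kernel has the mitigation but the CPU lacks the microcode
    smt_exposed: bool         # a sibling hyper-thread can still sample the shared buffers
    actions: tuple[str, ...]  # what an administrator still has to do


def parse_mds_status(mds_line: str, smt_control: str = "") -> MdsAssessment:
    """Interpret one line of .../vulnerabilities/mds and, optionally, .../smt/control."""
    text = mds_line.strip()
    smt_ctl = smt_control.strip().lower()
    actions: list[str] = []

    if text == "Not affected":
        return MdsAssessment(False, True, False, False, ())

    # First clause: mitigation state.  Second clause (after ';'): SMT state.
    state, _, smt_clause = (part.strip() for part in text.partition(";"))

    buffers_cleared = state.startswith("Mitigation: Clear CPU buffers")
    microcode_missing = "no microcode" in state
    if microcode_missing:
        actions.append("install the updated intel-microcode package (kernel support is present)")
    elif not buffers_cleared:
        # Plain "Vulnerable": the kernel knows about MDS but is not mitigating,
        # which is what the mds=off command-line option produces.
        actions.append("re-enable the kernel mitigation (check the command line for mds=off)")

    smt_clause_l = smt_clause.lower()
    host_unknown = smt_clause_l.startswith("smt host state unknown")  # we are a guest
    smt_exposed = (
        smt_clause_l.startswith("smt vulnerable")
        or host_unknown
        or (not smt_clause and smt_ctl == "on")  # fall back to smt/control if no clause
    )
    if host_unknown:
        actions.append("confirm with the hypervisor operator that host SMT is disabled")
    elif smt_exposed:
        actions.append(f"disable Hyper-Threading (write 'off' to {SMT_PATH}, or boot with nosmt)")

    return MdsAssessment(True, buffers_cleared, microcode_missing, smt_exposed, tuple(actions))


def read_live() -> MdsAssessment | None:
    """Assess the running host; None when the kernel predates the MDS sysfs entry."""
    if not os.path.exists(MDS_PATH):
        return None
    with open(MDS_PATH) as fh:
        mds_line = fh.read()
    smt_ctl = ""
    if os.path.exists(SMT_PATH):
        with open(SMT_PATH) as fh:
            smt_ctl = fh.read()
    return parse_mds_status(mds_line, smt_ctl)


# Constructed sample lines (not captured from real hosts) in the formats the
# kernel documents, covering the cases an administrator is likely to meet.
SAMPLES = {
    "desktop": ("Mitigation: Clear CPU buffers; SMT vulnerable", "on"),
    "server":  ("Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled", "off"),
    "guest":   ("Vulnerable; SMT Host state unknown", "notsupported"),
    "amd":     ("Not affected", "on"),
}

if __name__ == "__main__":
    live = read_live()
    print("this host:", live if live else "no MDS sysfs entry; the kernel needs updating first")
    for name, (mds, smt) in SAMPLES.items():
        print(f"{name:8s} -> {parse_mds_status(mds, smt)}")
```

A host whose kernel has no `vulnerabilities/mds` file at all has not received the kernel half of the fix, so `read_live()` returning `None` is itself a finding. The "Mitigation: Clear CPU buffers; SMT vulnerable" case is the one the articles above single out: microcode and kernel are in place, yet a sibling hyper-thread still shares the buffers, which is why Chrome OS, FreeBSD and others recommend disabling Hyper-Threading where untrusted code shares a core.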

Canonical Releases Ubuntu Updates to Mitigate New MDS Security

  • Canonical Releases Ubuntu Updates to Mitigate New MDS Security Vulnerabilities

    Four new security vulnerabilities affecting Intel microprocessors have been publicly disclosed earlier, and Intel already released updated microcode firmware to mitigate them, but in the case of Linux-based operating systems these flaws cannot be addressed only by updating the CPU firmware, but also by installing new Linux kernel versions and QEMU patches.

    The vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) affect various Intel processors and could allow a local attacker to expose sensitive information. They have an impact on all supported Ubuntu Linux releases, including Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr).

Intel and MDS

  • Intel CPUs impacted by new Zombieload side-channel attack

    Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.

    The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow.

How Hackers Broke WhatsApp With Just a Phone Call

Cameron Kaiser: ZombieLoad doesn't affect Power Macs

  • Cameron Kaiser: ZombieLoad doesn't affect Power Macs

    The latest in the continued death march of speculative execution attacks is ZombieLoad (see our previous analysis of Spectre and Meltdown on Power Macs). ZombieLoad uses the same types of observable speculation flaws to exfiltrate data but bases it on a new class of Intel-specific side-channel attacks utilizing a technique the investigators termed MDS, or microarchitectural data sampling. While Spectre and Meltdown attack at the cache level, ZombieLoad targets Intel HyperThreading (HT), the company's implementation of symmetric multithreading, by trying to snoop on the processor's line fill buffers (LFBs) used to load the L1 cache itself. In this case, side-channel leakages of data are possible if the malicious process triggers certain specific and ultimately invalid loads from memory -- hence the nickname -- that require microcode assistance from the CPU; these have side-effects on the LFBs which can be observed by methods similar to Spectre by other processes sharing the same CPU core. (Related attacks against other microarchitectural structures are analogously implemented.)

WhatsApp is not end-to-end because Facebook keeps copy of keys

  • The Ultimate Bad Take: Bloomberg's Leonid Bershidsky Thinks A WhatsApp Vulnerability Proves End To End Encryption Is Useless

    Bloomberg has really been on a roll lately with getting security stories hellishly wrong. Last fall it was its big story claiming that there was a supply chain hack that resulted in hacked Supermicro chips being used by Amazon and Apple. That story has been almost entirely debunked, though Bloomberg still has not retracted the original. Then, just a few weeks ago, it flubbed another story, claiming that the presence (years ago) of telnet in some Huawei equipment was a nefarious backdoor, rather than a now obsolete but previously fairly common setup for lots of equipment for remote diagnostics and access.

    The latest is an opinion piece, rather than reporting, but it's still really bad. Following yesterday's big revelation that a big security vulnerability was discovered in WhatsApp, opinion columnist Leonid Bershidsky declared it as evidence that end-to-end encryption is pointless.

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets

  • Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

    More than a year has passed since security researchers revealed Meltdown and Spectre, a pair of flaws in the deep-seated, arcane features of millions of chips sold by Intel and AMD, putting practically every computer in the world at risk. But even as chipmakers scrambled to fix those flaws, researchers warned that they weren't the end of the story, but the beginning—that they represented a new class of security vulnerability that would no doubt surface again and again. Now, some of those same researchers have uncovered yet another flaw in the deepest guts of Intel's microscopic hardware. This time, it can allow attackers to eavesdrop on virtually every bit of raw data that a victim's processor touches.

    Today Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel's chips. It's four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.

    [...]

    AMD and ARM chips don't appear to be vulnerable to the attacks, [...]

Microarchitectural Data Sampling (MDS) focus now on Intel

  • Intel reveals four more Spectre-like bugs in its processors

    Intel has revealed four more vulnerabilities in all its modern processors, all of which could lead to side channel attacks that use speculative execution to leak data.

  • Intel CPU Exploit Zombieload Uses Hyperthreading To Steal Data

    The latest Intel CPU exploit termed Zombieload is a speculative execution side-channel attack. It uses Intel Hyperthreading to execute a Microarchitectural Data Sampling (MDS) attack which targets buffers in CPU microarchitecture.

    According to a report, Intel CPUs made since 2008 are all susceptible to this attack. The latest 8th and 9th gen Intel CPUs are safe from this issue. Intel has released a security patch for this security flaw.

Steinar H. Gunderson: Bug fest

RIP Hyper-Threading?

  • RIP Hyper-Threading? ChromeOS axes key Intel CPU feature over data-leak flaws – Microsoft, Apple suggest snub

    In conjunction with Intel's coordinated disclosure today about a family of security vulnerabilities discovered in millions of its processors, Google has turned off Hyper-Threading in Chrome OS to fully protect its users.

    Meanwhile, Apple, Microsoft, IBM's Red Hat, QubesOS, and Xen advised customers that they may wish to take similar steps.

    The family of flaws is dubbed microarchitecture data sampling (MDS), and Chipzilla's official advisory is here, along with the necessary microcode updates to mitigate the data-leaking vulnerabilities and list of affected products. Installing these fixes and disabling Intel's Hyper-Threading feature is a sure-fire way to kill off the bugs, though there may be a performance hit as a result.

Debian Patches New Intel MDS Security Vulnerabilities in Debian

  • Debian Patches New Intel MDS Security Vulnerabilities in Debian Linux Stretch

    On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufacturers to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.

    "Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory," reads the security advisory.

Now the BSD World

  • The BSDs Get Promptly Mitigated For The MDS Side-Channel Vulnerabilities

    When Spectre and Meltdown came to light, there was some frustration in the BSD community that it took time for them to be briefed and ultimately handle the mitigations for these CPU security vulnerabilities. Fortunately, with the new Microarchitectural Data Sampling (MDS, also dubbed "Zombieload") vulnerabilities, the key BSDs have seen punctual patches.

    FreeBSD on Tuesday issued a security advisory that does include patches and additional guidance. FreeBSD's guidance is also recommending the disabling of Hyper Threading for systems with users/processors in different trust domains. FreeBSD also provides instructions on setting up the loading of the latest Intel CPU microcode files and applying patches for FreeBSD 12 and 11 series.

Zombieload Intel Vulnerability Explained

  • Zombieload Intel Vulnerability Explained: Nasty Flaw In Millions Of CPUs

    Zombieload is the latest Intel CPU vulnerability to plague everything from desktop computers to enterprise level servers. However, due to the increasingly complex nature of online attacks, it is becoming harder for companies to detect and fix them.

    These fixes are usually half-measures at best and cause the processors of enterprises as well as the average user to lose their performance value in the long run, or so we’re told. Online attacks like Spectre and Meltdown affect almost everyone that uses a computer. It is a problem which is forcing companies to cut corners, more often than not, in areas concerning performance.

More MDS Media Coverage

CloudLinux, LWN and Red Hat on MDS
