New 'Spoiler' vulnerability in all Intel Core processors exposed by researchers

By Malcolm Owen

Tuesday, March 05, 2019, 01:42 pm PT (04:42 pm ET)

A function of Intel's processors dealing with speculative execution has another vulnerability that affects all Intel-based computers including Apple's Mac, researchers have revealed, with "Spoiler" potentially allowing an attacker the ability to view the layout of memory, and in turn potentially access sensitive data stored in those locations.

https://appleinsider.com/articles/19/03/05/new-spoiler-vulnerability-in-all-intel-core-processors-exposed-by-researchers

Q!!mG7VJxZNCI

5 Mar 2019 - 1:43:06 PM

Every barrel has a bad apple.

But, in this case, bad apples do not spoil the bunch.

The core is what counts.

The SWAMP is EVERYWHERE.

Q

>>5555628

>>5555653

It is believed by the researchers the technique could make existing cache and "Rowhammer" attacks easier to perform, while at the same time enabling attacks using JavaScript to take seconds to complete, rather than weeks.

"There is no software mitigation that can completely erase this problem," according to the researchers. While the chip architecture could be fixed, it would considerably cut into the chip's performance.

Intel was advised about the vulnerability on December 1, 2018, and was disclosed to the public after a typical 90-day grace period. So far, Intel has not issued a CVE number for the problem, with Moghimi speculating the issue is not easily patchable with microcode in an efficient enough manner, and that a patch for the attack vector may take years to produce.

As it is an issue that affects all Intel Core processors from the first generation onwards to the most recent releases, regardless of operating system, it is almost certain that all Macs are susceptible to attacks that take advantage of the vulnerability. It is unclear if Apple has specifically responded to the issue due to it potentially affecting its macOS-running products.

The researchers note that ARM and AMD processor cores do not exhibit the same behavior, which means iPhones and iPads are safe from such attacks.

The speculative execution function was core to the Spectre vulnerabilities found in January 2018, which affected Intel processors as well as ARM-based versions, including both macOS and iOS devices, something which Apple quickly released mitigations to defend against. While similar in this regard, Spoiler functions quite differently from Spectre, and is a completely separate vulnerability.

"We expect that software can be protected against such issues by employing side channel safe development practices," said Intel regarding Rowhammer-style attacks. "Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://appleinsider.com/articles/19/03/05/new-spoiler-vulnerability-in-all-intel-core-processors-exposed-by-researchers

Trump's new push for selling insurance across state lines

Remember when President Trump campaigned on a health care platform of eliminating "the lines around the states?" Well, that particular white whale has re-emerged.

The Trump administration posted a 15-page document Wednesday asking for public comment on a range of questions related to the interstate sale of health insurance — including questions about using part of the Affordable Care Act to make that change.

Critics see this as a backdoor way to deregulate insurance. If a patient in New York can buy a lightly regulated policy from Iowa, what good are New York's rules about what plans have to cover and how they have to cover it?

There are logistical hurdles: It's pretty hard to set up a network of doctors and hospitals that will work for patients in both Iowa and New York. (((bullshit)))

The administration already took a bit of a victory lap on this front when it expanded access to association health plans.

That wasn't a full-scale deregulation, but it did expand of a type of insurance that can cross state lines — even though, due to the difficulty of creating provider networks, those plans are generally confined to one metro area.

https://s3.amazonaws.com/public-inspection.federalregister.gov/2019-04270.pdf

https://www.axios.com/trump-selling-insurance-state-lines-aca-f066a02c-f8cc-4b74-aac3-0854e140ad17.html