AMD and Intel are in a constant battle between which one of them has the best CPUs. Many enthusiasts will be going for whichever of the team has the best value to performance ratio in their CPU when it comes to gaming, streaming, and content creation.
The gist of it is that all people want is performance. However, another vital aspect that many people don't talk about is security. If you've seen recent news related to CPUs, you must have seen that there are numerous stories about vulnerabilities that are constantly discovered and they particularly affect Intel's CPUs.
The Reason Intel Is Having Problems
The reason Intel keeps running into problems is because of the two vulnerabilities called Spectre and Meltdown. You should know that Spectre affected Intel and AMD chips including a few Qualcomm chips, Meltdown was a problem that only affected Intel.
This was because of particular architectural flaws in how Intel's processors' CPU cache is set up. The cache is a small amount of high-speed memory that's integrated into the CPU die. It allows it to access information that it needs as often as it wants as fast as possible.
Intel did attempt to apply a few patches to repair how vulnerable its chips were to the Meltdown vulnerability. But the vulnerability is on a Silicon-level. It's a challenge for Intel to completely repair the problem without fully redesigning the fundamental architecture of the chips. This means that all the different variations of Meltdown that have been discovered also attack vulnerabilities in the cache.
A Recent Example Of An Intel CPU Vulnerability
One example of a recent bug affecting an Intel chip feature is called Software Guard Extension also called SGX. This is a part of the CPU that encrypts and stores sensitive data such as encryption keys.
Even if the operating system has been compromised in any way, the system's sensitive information should remain protected, if the particular program is coded to take advantage of SGX. Surprisingly, this makes attackers more attracted to the SGX. A bug was recently discovered that can decrypt and read the sensitive information inside it by using timing attacks.
Like how Meltdown vulnerability originally worked. The new bug called SGAxe revolves around a weakness named CacheOut, which is inspired by and related to Meltdown. These two bugs were found by researchers.
CacheOut actively bypasses Intel's software fixes they implemented, which highlights a problem that Intel is going through with trying to stop these Meltdown variations.
However, there is good news to be had among all this. What you should take note of is that Spectre and Meltdown have been known about for two years. But no major pieces of malware have managed to exploit them so far.
#CyberSecurity: Researchers found 2 new attacks against Intel CPUs to leak info from it: 1) #SGAxe, an evolution of #CacheOut CVE-2020-0549 & 2) #CrossTalk which enable code execution on SGX enclaves running on different core to determine its private keyshttps://t.co/xLaq2bpNPV — Chief InfoSec Office (@CISO_Thoughts) June 10, 2020