2 days ago
11
Everyone with any Intel graphics solution should be sure to update their drivers this week—the tech giant just announced ten new security vulnerabilities affecting a wide range of its GPU drivers and software. Nearly every Intel GPU or integrated graphics going back to the 6th generation of Core processors is affected by one or more of these vulnerabilities, which can be addressed by updating to the latest Intel graphics drivers.
The laundry list of vulnerabilities coming from Team Blue all require local access to take advantage of, greatly downgrading their importance to the average user. As the saying goes, if a hostile attacker has local access to your system, you have bigger things to worry about than side-channel attacks. But a group of vulnerabilities affecting Intel's entire graphics operation, going back to Skylake CPUs, is no laughing matter.
"Improper access control" for graphics software and drivers is the most serious repeat offender on the list. The vulnerabilities allow for escalation of privilege, denial of service, and information disclosure attacks. The integrated graphics software of every consumer CPU release since 6th-gen Intel Core, all Iris Xe and Arc GPUs, and Intel Data Center GPU Flex 140/170 GPUs are affected by one or more vulnerabilities and should be updated to the most recent drivers. Every user using drivers released after October 2024 is already protected from the vulnerabilities.
This great wave of security holes immediately follows another Intel security event. Earlier this week, researchers at ETH Zurich found a new way around Intel's fixes for the data-leaking Spectre v2 vulnerability, prompting its own round of advisories and fixes from Team Blue. Intel's CPU architecture is consistently plagued by side-channel and branch prediction attacks like Spectre, with its hardware and software fixes prone to being maneuvered around.
The CPU vulnerability discovered by Zurich also affected a wide swath of Intel CPUs, though the attack also requires local access and, according to Intel, has no real-world applications yet discovered. Intel advises anyone with an affected CPU to consult their system manufacturer for BIOS or microcode updates.
Intel's software weaknesses seem like a perennial issue for the tech giant, yet another problem weighing on the company in danger. Intel recently announced that its Intel Foundry program is not expected to break even until 2027, another issue for the company which has had multiple waves of layoffs this year. Intel's future is uncertain, making its proclivity for security flaws and vulnerabilities all the more serious.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
English (US) ·