Weekend Reads 081618: New Vulnerabilities

Spectre and Meltdown are more than a new class of security holes. They’re deeply embedded in the fundamental design of recent generations of CPUs. So it shouldn’t come as any surprise that yet another major Intel chip security problem has been discovered: Foreshadow. —Steven J. Vaughan-Nichols @ZDNet

Foreshadow Attacks – Security researchers disclosed the details of three new speculative execution side-channel attacks that affect Intel processors. The new flaws, dubbed Foreshadow and L1 Terminal Fault (L1TF), were discovered by two independent research teams. —Pierluigi Paganini @Security Affairs

Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks. —Swati Khandelwal @The Hacker News

When a room filled with hundreds of security professionals erupts into applause, it’s notable. When that happens less than five minutes into a presentation, it’s remarkable. But that’s what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security. —Curtis Franklin Jr. @Dark Reading

Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely? Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there’s nothing you can do if any of them has a backdoor built-in—even if you’re careful about avoiding sketchy apps. —Swati Khandelwal @The Hacker News

Your Mac computer running the Apple’s latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually “click” objects without any user interaction or consent. —Mohit Kumar @The Hacker News

You probably received more than a few emails from companies notifying you of changes to their privacy policy in the lead-up to May 25, 2018—the day the General Data Protection Regulation (GDPR) went into effect. The European Union drafted the GDPR to protect the personal and private data of citizens of the EU and European Economic Area and to establish a standard for data-security laws across Europe. —Azam Qureshi @Data Journal Journal

“I need you to make sure that I don’t walk into any walls or trip on the stairs,” one of my friends recently informed me. Her reason? She was running on about three and a half hours of sleep and was struggling with the simple task of walking. I hadn’t gotten much more sleep than she had, and I’m honestly not sure if we were any help to one another. I don’t remember if either of us walked into anything, but I don’t think I was alert enough to catch her if she did. —Patience Griswold @Intellectual Takeout