Equally Nvidia and Intel faced extreme security issues this 7 days – such as a substantial-severity bug in Nvidia’s GeForce NOW.
Nvidia is crimson-flagging a high-severity flaw in its GeForce NOW application computer software for Windows. An attacker on a community network can exploit the flaw in order to execute code or achieve escalated privileges on impacted devices.
GeForce NOW is the brand utilized by Nvidia for its cloud-based gaming company, which allows serious-time gameplay on desktops, laptops, Macs and Android units. With an approximated user foundation of 4 million, the assistance is wildly well-liked in the gaming neighborhood.
In a Tuesday security advisory, Nvidia revealed a flaw in the well known assistance (CVE‑2020‑5992) that has a CVSS rating of 7.3.
The bug stems from an “open-supply software package dependency” possessing to do with the OpenSSL library, which is a computer software library for programs that protected communications about computer networks towards eavesdropping or which need to have to identify the party at the other finish.
In this circumstance, OpenSSL library is vulnerable to binary planting attacks, according to Nvidia in its security advisory. Binary planting is a style of attack where by the attacker “plants” a binary file that includes destructive code within a (in this circumstance local) file process, in purchase for a susceptible application to load and execute it.
All variations prior to 2..25.119 are influenced end users are urged to update to edition 2..25.119.
“To shield your process, open the GeForce NOW application to routinely obtain the update and observe the directions for applying it,” according to Nvidia.
Nvidia has lately faced a variety of security issues in its gaming-pleasant merchandise. That incorporates two current flaws in the Windows version of its GeForce Experience software. The most serious flaw of the two (CVE-2020-5977) can guide to a slew of destructive attacks on impacted methods – like code execution, denial of company, escalation of privileges and details disclosure.
In October, Nvidia also introduced a patch for a critical bug in its large-performance line of DGX servers that could open the door for a distant attacker to acquire regulate of and access sensitive information on systems commonly operated by governments and Fortune-100 companies.
Other Processor Security Issues
Chip companies have deployed a slew of security updates this earlier week. A huge Intel security update on Tuesday, for occasion, addressed flaws across a myriad of merchandise – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in get to get escalated privileges. These critical flaws exist in solutions associated to Wi-fi Bluetooth – such as a variety of Intel Wi-Fi modules and wireless network adapters – as very well as in its remote out-of-band administration tool, Energetic Management Technology (AMT).
Also this week, scientists unveiled a new way to steal cryptographic keys from Intel chips by way of a new side-channel attack, which they contact PLATYPUS.
The attack stems from the capability to exploit the Intel Managing Normal Electrical power Limit (RAPL) interface. RAPL makes it possible for monitoring and controlling the electricity intake of the CPU and DRAM in computer software. By launching a facet-channel attack towards RAPL, scientists had been able to not only distinguish unique keys, but also reconstruct full cryptographic keys.
Intel for its component said that the flaws (CVE-2020-8694 and CVE-2020-8695) are medium-severity. That’s in part owing to the point that in purchase to start an attack, a bad actor would will need to have local entry to a device, and would have to have to be authenticated or privileged.
The chip-maker recommended that buyers of affected Intel CPUs update to the most recent firmware edition delivered by the program manufacturer (a full listing of affected Intel chips and updates can be located here).
“Intel endorses that buyers of affected Intel Processors set up the updates presented by their application vendors,” according to Intel’s advisory. “In Linux, for the transform to be efficient it will require a reboot. If a reboot is not feasible, Intel recommends changing the permissions of the afflicted sysfs characteristics so that only privileged buyers can accessibility them.”
Hackers Put Bullseye on Health care: On Nov. 18 at 2 p.m. EDT find out why hospitals are obtaining hammered by ransomware attacks in 2020. Save your location for this Absolutely free webinar on healthcare cybersecurity priorities and hear from main security voices on how information security, ransomware and patching require to be a precedence for each individual sector, and why. Sign up for us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, confined-engagement webinar.
Some components of this article are sourced from: