You’ll want to perk up when it comes to the new ‘Lazy State’ Intel CPU bug

best processors Core i7-7700K

A new security vulnerability in a similar vein to Spectre and Meltdown has been discovered in Intel CPUs. The “Lazy FP state” flaw makes use of the speculative execution vulnerability that has been the bane of Intel CPUs for the past few months as repeated exploits have been discovered. It could potentially allow malicious actors to steal data from an affected user, though it has proven easier to patch than previous exploits of a similar type.

Processors from both AMD and Intel have been hit with a number of different security bugs in the past few months, as flaws at the deepest level of the hardware were discovered. While Spectre was applicable to both chipmakers’ hardware though, this latest bug is one that impacts Intel CPUs only. It affects every “Core” CPU released since Intel’s 2011 Sandy Bridge range debuted.

The problem stems from the fact that modern CPUs often store the state of running applications to improve performance when switching between tasks. That leaves a window of opportunity for malicious actors to read the contents of that register.

“It affects Intel designs similar to variant 3-a of the previous stuff, but it’s not Meltdown,” Red Hat computer architect Jon Masters said via Zdnet. “It allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc.”

That’s perhaps the most worrisome aspect of this flaw, in that it allows for the extraction of data while encryption is being conducted. That could be especially problematic if servers were targeted.

Fortunately, this flaw is much less of a problem than those previously discovered. It has already been patched out in a number of environments — including Linux 4.9 or newer, Windows Server 2016, and Windows 10. Better yet, the fix does not impact performance as it has done in the case of certain other exploits related to Spectre and Meltdown.

The general recommendation for anyone running potentially affected hardware is to make sure that you operating system is patched to its latest version and to keep an eye on your motherboard manufacturer’s website for any potential BIOS updates that are released.

Intel has released the following statement on Lazy FP:

“This issue, known as Lazy FP state restore, is similar to Variant 3a. It has already been addressed for many years by operating system and hypervisor software used in many client and data center products. Our industry partners are working on software updates to address this issue for the remaining impacted environments and we expect these updates to be available in the coming weeks. We continue to believe in coordinated disclosure and we are thankful to Julian Stecklina from Amazon Germany, Thomas Prescher from Cyberus Technology GmbH, Zdenek Sojka from SYSGO AG, and Colin Percival for reporting this issue to us. We strongly encourage others in the industry to adhere to coordinated disclosure as well.”

Computing

Critical MacOS Mojave vulnerability bypasses system security

Security Researcher Patrick Wardle has discovered a critical MacOS Mojave security flaw that could potentially allow malicious applications to bypass Mac's system security controls.
Gaming

PS4 players get new content a week early in 'Call of Duty: Black Ops 4'

Call of Duty: Black Ops 4 arrives on PS4, Xbox One, and PC on October 12. Here's everything you need to know about the game, including info on multiplayer, Zombies, Blackout, and Signature Weapons.
Mobile

Here's the Samsung Galaxy S9's new Android 9.0 Pie interface

The Samsung Galaxy S9 and Galaxy S9 Plus are here. The flagship devices boast some awesome new features and a powerful new processor. Here's everything you need to know about these Samsung phones.
Computing

Windows improves handwriting-recognition skills at the peril of users’ security

A Windows file that is designed to help improve the platform's ability to translate your handwritten notes into readable text may be a security concern. One researcher found it contained passwords and email contents.
Computing

Detangle your desk with these mighty wireless mice

If you're looking for the best wireless mouse on the market, we've got the list for you!. Here are six models that will give everyone what they need, whether they're hardcore gamers or looking to ward off carpal tunnel.
Computing

It's not all free money. What to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.
Computing

How Razer forged the Blade 15, the slim gaming laptop nobody else could build

With the recent launch of the Blade 15, Razer ushered in a new design language that's cleaner and more angular. We recently visited Razer's San Francisco, California design studio to learn more about Razer's approach to design.
Computing

Bing, Windows search evolve into new, cross-platform Microsoft Search

Microsoft is upgrading its various search tools to provide more contextual help for those seeking it. Bing, Office, and Windows search will all be upgraded over the coming months to provide much more nuanced results.
Computing

U.N. security blunder left secret Trello boards, Google Docs exposed

United Nations documents were left vulnerable to unauthorized users by staffers who left Trello boards and Google Docs unprotected and accessible to anyone who had their unique URLs.
Computing

Back for the boardroom, Microsoft outlines the future of the Surface Hub

With the Surface Hub 2 still on the horizon, Microsoft announced two additional versions of its digital whiteboard, the Surface Hub 2S and 2X, to attendees of their 2018 Ignite developer conference.
Computing

Here's how to install the free MacOS Mojave update now

Apple's newest operating system has finally arrived, and we'll show you how to download MacOS Mojave for free. After you install Mojave, you'll be able to take advantage of new apps ported from iOS, a dark theme, and more.
Computing

Chrome 69 logs you in without consent, but Google says it’s for your own good

Google is under fire for how Chrome 69 behaves. When you log into a Google service, you're automatically logged into the browser, raising serious privacy concerns. Google was forced to address its tactics and update its policy.
Computing

Microsoft Teams blurs your video background, prevents national embarrassment

Users of Microsoft Teams platform can now blur out their background during video calls as the company calls out the world's favorite BBC dad to show it can be done. Available now for all Microsoft Team customers.
Music

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.