The funky vulnerability of the month – what we call aBWAIN, short forBug With an Impressive Name– isPlundervolt, also known asCVE-2019-11157. Learn more about this vulnerability, how it works and what actions you should be taking to protect you system in an informative Naked Security article:
Plundervolt is a slightly ponderous pun onThunderbolt(a hardware interface that’s had its own share ofsecurity scares), and the new vulnerability has its own domain and website, its own HTTPS certificate, its own pirate-themed logo, and a media-friendly strapline:How a little bit of undervolting can cause a lot of problems.
In very greatly simplified terms, the vulnerability relies on the fact that if you run your processor on a voltage that’s a little bit lower than it usually expects, e.g. 0.9V instead of 1.0V, it may carry on working almost as normal, but get some – just some – calculations very slightly wrong.
The link for this article located at Naked Security is no longer available.