Zombieload Intel side-channel attack detailed - CPU

New security flaw in Intel chips could affect millions

Intel past year disclosed that hackers could potentially read sensitive data on its processors, which power most data centers and personal computers, by exploiting a feature called speculative execution, in which the chip tries to guess which computations it will carry out ahead of time in an effort to speed up the chip. ZombieLoad affects every Intel processor made since 2011, which means all MacBooks and a large majority of Windows PCs are in the crosshairs.

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. Most programs normally only have access to their own data, but with Zombieload, a malicious program could exploit the CPU to gain access to information held by other programs running on the machine.

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle. In a statement to Wired, a Microsoft spokesperson said, "We're aware of this industry-wide issue and have been working closely with affected chip manufacturers to develop and test mitigations to protect our customers". The official reference number for Zombieload is CVE-2019-12130 and the latest Intel microcode update puts protections in place to mitigate the issue.

There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.

KitGuru Says: The unveiling of Zombieload/MDS comes at an unfortunate time, as Computex is right around the corner and Intel is due to release new CPUs very soon.

Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied.

Of course, hackers need to have some way to run code on a targeted machine before the MDS vulnerabilities can be exploited so their severity might not be relevant to people who keep their PC under lock and key.

Fixing these flaws is also problematic as it requires patching processors in ways that may slow them down. Meltdown and Spectre ended up causing a lot of disruption - and badly damaged Intel's reputation.

Related:

Comments

Latest news

Kevin Durant OUT Remainder of Warriors-Rockets Series
Golden State almost gave it away with an bad third quarter, when the Warriors managed just 15 points and committed six turnovers. Where are Durant's minutes going to go? But when he went out, got the ball in your hands, initiate the offense, shots went in.

Hamilton wins in Spain to take F1 championship lead
With Ferrari committing Vettel to a two-stop strategy, Red Bull made a decision to pit Verstappen early to cover him off as well. The next race will be held in Monaco on May 26, 2019. "We have discussed this topic on the board", Wolff admits.

Blue Jays address banged-up rotation, acquire veteran Edwin Jackson
James McCann is 11-for-25 with four doubles, two home runs and six RBIs over the last 10 games for Chicago. Vlad watch: Guerrero had reached base in five consecutive plate appearances before a fly out in the third.

Tim Conway, star of the ‘Carol Burnett Show,’ dies at 85
A six-time Emmy Award victor , Conway died Tuesday at 8:45 a.m.in Los Angeles, according to The Hollywood Reporter . Conway is survived by his wife of 35 years, his stepdaughter, his six biological children and two granddaughters.

Other news