New Intel CPU Flaw "ZombieLoad" Affects All Chips since 2011

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,877
Points
113
Intel’s CPU security-flaw nightmare doesn't end with Meltdown, Spectre, and Foreshadow. Researchers with the Graz University of Technology and imec-DistriNet have found yet another vulnerability that puts sensitive data at risk: ZombieLoad.

ZombieLoad reportedly affects all Intel processor generations released since 2011. Similar to previous vulnerabilities, the side-channel attack exploits weaknesses in speculative execution. It comprises four bugs that allow attackers to steal private browsing history and other sensitive data.

AMD/ARM chips aren’t affected, but patches are already rolling out for Intel users.

Researchers have also warned of two additional exploits, "RIDL" and "Fallout." The former attack allows for the leaking of information across various security domains, while the latter allows for reading data an OS recently wrote.

ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.
 
Great, more work for me at the day job.
 
oh FFS... how long before they will roll out new architecture? And will their new design actually address all of the current exploits.... :cautious:
 
Seems to still require a locally compromised system, so not so much worrying for the home user. Now, being able to break into a VM, that's pretty good.
 
As long as us humans are in charge there will always be bugs in code.
 
Become a Patron!
Back
Top