New security flaw in Intel chips called ZombieLoad could affect millions
May 18 2019
The flaw allows hackers who are running software on your PC to extract recently accessed data from your PC without needing to have full access. The vulnerability could let hackers read almost all data flowing through one of Intel's chips, though the company said the attack is hard to carry out and that it has not seen it used outside of labs.
"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs". Apple, Google, and Microsoft have already released patches to fix ZombieLoad.
Researchers have found another security flaw in the Intel processor chips that power most of the world's computers, one that can compromise users' private data - and that can't be fixed without a major performance drop.
Apple was quick to publish today a new support page to teach Mac users on macOS Mojave, High Sierra, and Sierra how to fully mitigate the newly disclosed IntelMicroarchitectural Data Sampling (MDS) vulnerabilities.
Intel said it has been working with operating system vendors, equipment manufacturers and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.
The flaws were discovered by researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of MI, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute and Saarland University in Germany, as well as security firms Cyberus, BitDefender, Qihoo 360 and Oracle.
Well, Intel has said that data centres are anticipated to be least affected by the fixes demanded. Numerous operating system vendors have begun shipping patches, and Intel has also begun to release microcode updates.
"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post.
Security researchers have revealed the Zombieload Attack to the public.
Through this vulnerability, attackers are able to extract sensitive data including browser history, website contents, passwords, and encryption keys. While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought". The new vulnerability is being called "ZombieLoad".
Taken together, the three exploits against four vulnerabilities cover processors dating back to 2008.