ZombieLoad is Intel’s latest nightmare, is there an end to it?
After the Intel ME, “minix”, issue the discovery of Meltdown an Spectre and the subsequent discovery of Speculative Store Bypass there really seems no end to it. Wait, there’s a new one: meet ZombieLoad, yet another Intel chip flaw.
ZombieLoad is the latest chip flaw discovered by researchers of Graz University of Technology, it is a potentially dangerous flaw that lets an attacker steal sensitive information such as encrypted passwords. This vulnerability uses a similar approach as Speculative Store Bypass but targets the CPU microarchitecture. Academics have dubbed this attack “Microarchitectural Data Sampling (MDS)“.
“Fortunately”, the attackers need to be able to run code on the machine to exploit the flaw, still it is a dangerous vulnerability and should be treated carefully. Although no case of exploitation has been reported, there really is no way to tell whether this vulnerability has been exploited in the past.
The hardware flaw seems to be present in almost every CPU produced by Intel since 2011, with the exclusion of 8th and 9th and Intel Xeon Scalable 2nd generation processors.
This new rounds of vulnerabilities has been assigned 4 CVEs: CVE-2018-12126 aka “Fallout”, CVE-2018-12127, CVE-2018-12130 (ZombieLoad) and CVE-2019-11091.
A patch is on the way, wait it’s already here
Since the flaw was disclosed to Intel, a coordinated effort took place in order to patch the flaw as soon as possible. Most of the major vendors such as Google, Apple and Microsoft have already released the patch to their users.
In these dire times where rogues in the guise of digital wizards can steal your data, updates only seem to be the only way to defend oneself and one’s digital life. Updates are getting more important by the day. Patches for ZombieLoad do not affect system performance significantly but all these patches are slowly making a dent in most computer’s performance.
- 2020 A year in review for Marksei.com - 30 December 2020
- Red Hat pulls the kill switch on CentOS - 16 December 2020
- OpenZFS 2.0 released: unified ZFS for Linux and BSD - 9 December 2020