ZombieLoad is Intel’s latest nightmare, is there an end to it?

by mark · Published 29 May 2019 · Updated 31 May 2020

After the Intel ME, “minix”, issue the discovery of Meltdown an Spectre and the subsequent discovery of Speculative Store Bypass there really seems no end to it. Wait, there’s a new one: meet ZombieLoad, yet another Intel chip flaw.

ZombieLoad is the latest chip flaw discovered by researchers of Graz University of Technology, it is a potentially dangerous flaw that lets an attacker steal sensitive information such as encrypted passwords. This vulnerability uses a similar approach as Speculative Store Bypass but targets the CPU microarchitecture. Academics have dubbed this attack “Microarchitectural Data Sampling (MDS)“.

“Fortunately”, the attackers need to be able to run code on the machine to exploit the flaw, still it is a dangerous vulnerability and should be treated carefully. Although no case of exploitation has been reported, there really is no way to tell whether this vulnerability has been exploited in the past.

The hardware flaw seems to be present in almost every CPU produced by Intel since 2011, with the exclusion of 8th and 9th and Intel Xeon Scalable 2nd generation processors.

This new rounds of vulnerabilities has been assigned 4 CVEs: CVE-2018-12126 aka “Fallout”, CVE-2018-12127, CVE-2018-12130 (ZombieLoad) and CVE-2019-11091.

A patch is on the way, wait it’s already here

Since the flaw was disclosed to Intel, a coordinated effort took place in order to patch the flaw as soon as possible. Most of the major vendors such as Google, Apple and Microsoft have already released the patch to their users.

In these dire times where rogues in the guise of digital wizards can steal your data, updates only seem to be the only way to defend oneself and one’s digital life. Updates are getting more important by the day. Patches for ZombieLoad do not affect system performance significantly but all these patches are slowly making a dent in most computer’s performance.

Image courtesy of mark | marksei

Author
Recent Posts

mark

The IT guy with a slight look of boredom in his eyes. Freelancer. Current interests: Kubernetes, Tensorflow, shiny new things.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_60468161_1	past	Set by Google to distinguish users.
_ga_DR9SCJ09BV	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.

Cookie	Duration	Description
edgebucket	session	Reddit sets this cookie to save the information about a log-on Reddit user, for the purpose of advertisement recommendations and updating the content.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	14 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
csv	2 years	No description available.
GoogleAdServingTest	session	No description
wp_api	past	No description
wp_api_sec	past	No description
_pk_id.1.95fa	1 year 27 days	No description
_pk_ses.1.95fa	29 minutes	No description
__smSessionId	9 hours	No description available.
__smToken	1 year	This cookie is set by the Sumo. This cookie is used for verifying whether the user is logged in or not.

You may also like...

Leave a ReplyCancel reply

Recent Posts

Recent Comments

Categories

Latest tutorials

ZombieLoad is Intel’s latest nightmare, is there an end to it?

A patch is on the way, wait it’s already here

Related posts:

You may also like...

What’s new in OpenStack Ocata

Speculative Store Bypass: spectre for browsers, the nightmare isn’t over yet

Fedora 25 new features, Perl removed from Build Root

Leave a ReplyCancel reply

Recent Posts

Recent Comments

Categories

Latest tutorials