Intel processors hit with another serious security flaw impacting millions of PCs

Intel processors hit with another serious security flaw impacting millions of PCs

The exploit, known as ZombieLoad, allows hackers to use a side-channel attack to exploit flaws in the design of Intel processors. The majority of Intel processors dating back to 2011 are said to be affected by the constituent bugs that allow the Zombieload Attack to operate with success.

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing.

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.

RIDL - Rogue In-Flight Data Load - by contrast leaks information across security domains through an analysis of the CPU pipeline, allowing unprivileged code - including JavaScript code running in a browser - to access data from programs running on the same machine, including privileged kernel memory, memory allocated to virtual machines, and memory supposedly protected by Intel's Software Guard Extensions (SGX) secure enclave. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.

Yesterday, Intel disclosed a new attack on its processor dubbed "ZombieLoad", following in the footsteps of last year's "Spectre" and "Meltdown" security snafu.


KitGuru Says: The unveiling of Zombieload/MDS comes at an unfortunate time, as Computex is right around the corner and Intel is due to release new CPUs very soon. While most Android devices run on ARM hardware and won't be affected, any Android device using Intel hardware will need to apply the patches.

To exploit the vulnerabilities hackers would have to get some malware onto the user system or enterprise server. The latest Windows 10 and macOS security updates also have protections in place with minimal performance impact but these don't stamp the problem out entirely.

Fixing these flaws is also problematic as it requires patching processors in ways that may slow them down.

We'll be keeping a close eye on ZombieLoad as this story develops.

Related:

Comments

Latest news

Pokemon Rumble Rush announced for Android and iOS
A close alpha launched with that announcement, but after that, The Pokemon Company went radio silent on the game. Pokemon Rumble Rush , a game for mobile, launched in Australia and will soon be available in more regions.

India to investigate Google's potential market dominance abuse
It's possible that Google could enact similar policies in India, depending on the results of the investigation. Citing anonymous sources, Reuters said it had reported in February that the CCI had begun its probe past year .

NY mom fails drug test after eating poppyseed bagel before giving birth
She says all mothers-to-be should avoid eating poppy seeds so they don't experience the same trauma as she did. Anyone taking a drug test shouldn't consume poppyseed bagels before taking a urine test, the doctor said.

Are Taylor Swift and Joe Jonas Still Friends?
Despite Swift slamming him on TV, their teenage years are well behind them and the exes have moved on - and are still friends. She told DeGeneres: "Probably when I like put Joe Jonas on blast on your show". "Yeah, that was too much", she added.

Serena Williams wins Italian Open opener to kick-start clay-court season
We'll both do the best that we can", warned Serena , who leads 18-12, the most recent at last year's US Open. "It was really cool to share my favourite city with her, some of my favourite things to see".

Other news