Intel processors hit with another serious security flaw impacting millions of PCs

New security flaw in Intel chips could affect millionsMore

The exploit, known as ZombieLoad, allows hackers to use a side-channel attack to exploit flaws in the design of Intel processors. The majority of Intel processors dating back to 2011 are said to be affected by the constituent bugs that allow the Zombieload Attack to operate with success.

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing.

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.

RIDL - Rogue In-Flight Data Load - by contrast leaks information across security domains through an analysis of the CPU pipeline, allowing unprivileged code - including JavaScript code running in a browser - to access data from programs running on the same machine, including privileged kernel memory, memory allocated to virtual machines, and memory supposedly protected by Intel's Software Guard Extensions (SGX) secure enclave. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.

Yesterday, Intel disclosed a new attack on its processor dubbed "ZombieLoad", following in the footsteps of last year's "Spectre" and "Meltdown" security snafu.

KitGuru Says: The unveiling of Zombieload/MDS comes at an unfortunate time, as Computex is right around the corner and Intel is due to release new CPUs very soon. While most Android devices run on ARM hardware and won't be affected, any Android device using Intel hardware will need to apply the patches.

To exploit the vulnerabilities hackers would have to get some malware onto the user system or enterprise server. The latest Windows 10 and macOS security updates also have protections in place with minimal performance impact but these don't stamp the problem out entirely.

Fixing these flaws is also problematic as it requires patching processors in ways that may slow them down.

We'll be keeping a close eye on ZombieLoad as this story develops.

Related:

Comments

Latest news

Pokemon Rumble Rush announced for Android and iOS
A close alpha launched with that announcement, but after that, The Pokemon Company went radio silent on the game. Pokemon Rumble Rush , a game for mobile, launched in Australia and will soon be available in more regions.

Cannes 2019: Recap looks of Huma Qureshi at the prestigious film festival
Last year, Gomez was body-shamed and trolled for posting a bikini picture to her Instagram account after a kidney transplant. It can be great in moments. "It is not that healthy to be on [social media] all the time", she added.

India to investigate Google's potential market dominance abuse
It's possible that Google could enact similar policies in India, depending on the results of the investigation. Citing anonymous sources, Reuters said it had reported in February that the CCI had begun its probe past year .

US Measles cases now top 800
According to the study , China, India, Japan, Mexico, the Philippines, Thailand and Ukraine pose the greatest measles risk. But New York has the biggest outbreak, accounting for nearly 700, or more than 80 percent, of the cases nationwide.

Google Is Bringing Ads to Its Mobile App
Featured Videos: If a search topic seems to be related to video, Google will auto-play "salient segments" of video clips. Collections: Users will soon be able to save their searches into "Collections" as a way to organize and return to them.

Other news