ZombieLoad Security Flaw Affects Intel Chips
A recently discovered security bug, dubbed ZombieLoad, exploits a design flaw in Intel processors which allows attackers to steal any data recently accessed by almost all PCs or cloud servers running Intel chips since 2011.
According to TechCrunch, the bug is similar to previous security flaws, Meltdown and Spectre, as it exploits a weakness in speculative execution, which is built into most modern processors
This feature allows processors to preemptively carry out commands to order to increase the device’s operating speed.
If the chip’s predictions are needed, the processor would execute them, if not it’s discarded.
ZombieLoad is named for “zombie load” a collection of data which can’t be understood properly by the processing chip, which stimulates the processor’s microcode to avert a system crash.
The bug allowed data currently loaded by the processor’s core to leak, including browser history, user keys, passwords and disk encryption keys.
Researchers at the Graz University of Tech
nology discovered and disclosed the bug to Intel, which has released patches to prevent data from being read.
However, the patches need to be executed by individual manufacturers and then installed by users in order to protect data.
It is unknown if it has been exploited by any malicious attackers.
However, as attackers would have had to be able to run code on a machine in order to exploit the security flaw, Intel classed the bug as a “medium” risk.
Reportedly, Apple, Google, Amazon, Mozilla, and Microsoft have released fixes for ZombieLoad