ZombieLoad flaw affects almost every Intel processor since 2011

Researchers have uncovered a new flaw in Intel chips More

Researchers have uncovered a new flaw in Intel chips More

It takes advantage of speculative execution, an optimisation process used by most recent Intel processors (all since 2011), to access nuggets of user data accessed by the software running on your PC and held within CPU caches such as the load, store and line fill buffers. The researchers who published details on the attacks hailed from companies Cyberus, BitDefender Oracle, Qihoo360, along with Belgium's KU Leuven, the University of Adelaide, University of Michigan, Graz University of Technology, the Helmholtz Center for Information Security, Vrije Universiteit Amsterdam and Worcester Polytechnic Institute. They called the vulnerabilities 'Zombieload'.

The growing complexity of modern microprocessors coupled with the constant need to showcase improved performance with each generation finally came to a head early previous year with the discovery of Meltdown and Spectre, two hardware vulnerabilities which allowed unprivileged processes to infer the contents of protected memory - effectively allowing any program running on an affected computer to read data including passwords and security certificate keys.

The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. In this case "user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys", will be possible to purloin.

A video of the flaw can be found here.

Sherpa completes record 23rd Everest climb
He started his summit from Camp IV on Tuesday night and reached the summit point on Wednesday morning, said a basement official. Here comes an exciting Mount Everest Update! Except Sherpa, no one has climbed the mountain more than 21 times.

Security experts say the patches will help prevent the vulnerabilities from being exploited, but that the only way to fully block attacks outright is to disable hyperthreading, Intel's implementation of simultaneous multithreading that improves a CPU's power and performance by giving it the ability to perform multiple tasks at the same time.

"Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see", Intel writes. "Practical exploitation of MDS is a very complex undertaking". Intel admitted in a call to TechCrunch that "the microcode updates, like previous patches, would have an impact on processor performance".

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. This makes "data to bleed across [] boundary walls", going outside the app it belongs to.

Patches released by Intel will likely have a small but real impact on performance ranging from three per cent on consumer devices to nine per cent on data centre machines.

Latest News