All Intel CPU Since 2011 Affected By ZombieLoad Attack

Anita - May 29, 2019

Another major bug has been discovered in all of Intel CPUs since 2011, which allows hackers to steal sensitive information from the processor.

Intel Announced 11th-Gen Rocket Lake Processors, Rivaling AMD Ryzen Chips
Intel India And Indian Scientists Are Aiming To Use AI Solutions To Cope With COVID-19
This Intel Chip Helps Electronic Noses Detect Weapons, Explosives, And Other Hazardous Chemicals

Researchers have found a new flaw in Intel’s processors. The vulnerability enables hackers to directly acquire data from the processor without any method to prevent them. The newly-detected flaw is named ZombieLoad. Along with it, 3 relevant vulnerabilities were also found by the same researchers who had detected the Meltdown and Spectre chip flaws before.

The most serious issue is that ZombieLoad and other 3 new flaws affect Intel processor released since 2011. Accordingly, a series of MacBooks, Window PCs, Chromebooks, and Linux servers will suffer from the bug. Fortunately, ARM and AMD chip users are unaffected.

This flaw set is called MDS (Microarchitectural Data Sampling) by Intel. According to the company, the latest eighth-generation, ninth-generation CPUs, and future processors are safeguarded against the bug although the researchers who uncovered it do not agree.

The newly-detected flaws ZombieLoad, Store-to-Leak Forwarding, RIDL, and Fallout exploit faults in a popular feature named “speculative execution”. The feature allows a processor to forecast what a program or application will need to boost the load times. It predicts what comes next and executes that even before it is needed. The issue is that using this feature placed the operation results in the short-term memory caches of the CPUs, which lets hackers directly access the memory and take away your data.

Hackers can take advantage of ZombieLoad to directly acquire your passwords, encryption keys, and confidential documents from your processors. The researchers' demonstration shows that the flaw can be used to monitor the sites one person is opening in real time. Cristiano Giuffrida researcher said in an interview with Wired:

Fortunately, Intel, Microsoft, Google, Apple, and many Linux developers have released patches to deal with the bugs. But this will seriously harm the performance of your CPUs. According to Intel, customer devices and data center machines are expected to slow up to 3 percent and 9 percent respectively.

However, according to researchers, MDS bugs will not be easily patched out and we will probably see more future vulnerabilities. Meanwhile, keep your devices updated and hope for the best.