Zombieload flaw affects most modern Intel chips

By Dylan Bushell-Embling
Friday, 17 May, 2019

Zombieload flaw affects most modern Intel chips

Researchers have discovered a critical flaw in nearly all Intel processors released since 2011 that could allow attackers to access any data that has been recently accessed by the processor.

The Zombieload exploit was discovered by the same Dutch researchers who found the similar Meltdown and Spectre vulnerabilities last year.

The hardware exploit involves taking advantage of a flaw in Intel’s Microarchitectural Data Sampling (MDS) speculative execution technology to access data being used by applications, containers and virtual machines.

Intel has admitted that the exploit “may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms”.

While it would be extremely difficult to target particular data on a system, attackers may be able to infer protected data by collecting and analysing large amounts of data. User-level and system-level information could equally be exposed in this way.

The Zombieload speculative execution method could potentially be used to expose data in store buffers within CPUs caches, temporary buffers between CPU caches and temporary buffers used while loading data into registers.

While Intel is releasing new microcode updates to help software mitigate these issues, these protective measures will require changes and updates to operating systems, hypervisors and Intel Software Guard Extensions. Companies including Microsoft, Red Hat and VMware have already released software updates to mitigate the vulnerabilities.

Security experts have advised that the only way to almost fully protect against the use of the exploit is to disable hyperthreading on affected CPUs, which Intel says could reduce processor performance by up to 9%.

But according to the researchers, this would not prevent attacks on system call return paths that leak data from kernel space to user space.

Image credit: ©iStockphoto.com/au/Paul Fleet

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

NZ adopts new privacy principle to protect personal information

New Zealand has added a new privacy principle to the Privacy Act 2020, which adds new...

Australian Cyber Week 2020 kicks off

Australian Cyber Week 2020 has commenced, kicking off a series of events that will showcase the...

US DoJ indicts six Russian hackers

The US Department of Justice has won an indictment against six Russian military intelligence...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd