How to Protect your Computer from ZombieLoad Attack


The researchers say any "modern Intel Core or Xeon CPU" released from 2011 onward is likely vulnerable.

The so-called ZombieLoad bug was unearthed by some of the same researchers who brought the critical Spectre and Meltdown flaws into the spotlight, and it shares many similarities to those vulnerabilities.

The researchers comprising of academics from around the world, as well as security researchers from Bitdefender, have come to the conclusion that data can be leaked by exploiting loopholes in some components of the speculative execution process.

Technically known as a "data sampling attack", it's far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim's browsing in real-time, or steal sensitive credentials and data. Most programs normally only have access to their own data, but with Zombieload, a malicious program could exploit the CPU to gain access to information held by other programs running on the machine.

ZombieLoad (CVE-2018-12130) is the most risky vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091. The chipmaker said Tuesday, May 14, 2019, that there's no evidence of bad actors exploiting the bug, which is embedded in the architecture of computer hardware. However, even chips as recent as Intel's latest 9th Gen processors are affected.

Intel has released microcode updates to patch the vulnerabilities, but to properly immunise a PC a combination of firmware and software updates is needed and the fixes are expected to impact CPU performance.

Discovered by researchers from Graz University of Technology, the flaw has been already been patched earlier by Apple and Google, and the fix was today part of Microsoft's Patch Tuesday.

It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle.

No attacks have yet been reported, but that does not necessarily mean they have not taken place. They called the vulnerabilities 'Zombieload'. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Intel said it has been working with operating system vendors, equipment manufacturers and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.

The leak covered all Intel processors made since 2008 and would have been extremely easy to abuse, the researchers say.

That said, most Mac users have little to worry about.