Apple Patches ZombieLoad Vulnerabilities

18 May 2019

A year ago the processor industry was shaken by news that Spectre and Meltdown could theoretically enable hackers to leapfrog hardware barriers and steal some of the most securely held data on the computers involved. The RIDL attack would leak information from different security buffers inside the Intel processors, while an attack called Fallout would allow an adversary to read data recently written by an operating system. One of the new vulnerabilities, dubbed ZombieLoad, can reportedly be triggered even if an application runs inside a virtual machine that isolates it from the underlying server.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", said the team who discovered the issue.

Apple, Microsoft and Google have also released security patches, with other companies expected to follow. The vulnerabilities affect Intel Core chips from 2008 onwards, with only some eighth- and ninth-generation chips immune to the exploits.

The researchers also indicated that the flaws could be exploited to see which websites a person is visiting in real-time.

"This flaw is particularly risky for Intel-based public clouds running untrusted workloads in shared-tenancy environments," Red Hat warns in a security alert. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable.

"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post.

Intel has now released patches to the microcode that will help clear the processor's buffers.

"After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors", warned the university researchers.

"Overall, as an industry it doesn't help that security has a reputation as a discipline for slowing things down and being 'Dr No.' Security early is always better than security late, so I'm most interested in the after-action findings from Intel".

While Intel rates the attacks as "low to medium" in severity, researchers from the institutions that discovered the attacks told Wired that they could "reliably dig through that raw output to find the valuable information they sought".

While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants.
