[ad_1]
Computers with Intel chips starting in 2011 are vulnerable to the ZombieLoad bug.
The Intel processor chips have recently been accused of being flawed and unreliable to ensure optimal computing performance and current news further confirms that Intel needs to improve its game and secure its processor chips for users.
According to safety researchers from the Technical University of Graz in Austria and KU Leuven in Belgium, new problems identified in Intel processor chips could potentially slow down the processing of the computer.
See: Intel's new "Foreshadow" chip attacks SGX technology to extract sensitive data
Intel has accepted that the flaw is real and present in its processor chips, but the company says that the impact on computers will be minimal, while the required patches most likely affect its data centers. The newly identified bug is called ZombieLoad.
The researchers say that Intel chips contain a whole new class of vulnerabilities that can be exploited to obtain sensitive and sensitive user data from the processor. The vulnerabilities identified in Intel chips are similar to the infamous Meltdown and Specter bugs that could be used to exploit the flaws in the speculative execution process of modern processors.
It should be noted that the vulnerabilities of Meltdown and Specter also caused the leak of sensitive data such as passwords, account tokens, secret keys and private messages stored for a short time in the processor.
ZombieLoad is basically a secondary channel attack aimed primarily at Intel processor chips. The bug allows attackers to successfully exploit design flows without having to inject malicious code. According to Intel's analysis, ZombieLoad includes four bugs. In addition, all computers containing Intel chips starting in 2011 will be vulnerable to ZombieLoad, while the ARM and AMD chips will not be in danger.
The researchers published a PoC video (Proof of Concept) in which they showed how ZombieLoad can leverage processor chips to keep track of Web sites accessed by the user in real time and obtain sensitive data such as access tokens or passwords for online accounts of the victim.
"[This could affect] User-level secrets, such as browser history, website content, user keys and passwords, or system-level secrets, such as keys disk encryption, "researchers revealed on the site devoted to ZombieLoad's attack.
Moreover, they do not know if an attack launched with ZombieLoad will be traceable or not, and if it has already been exploited. The bug is named after the zombie loading feature in the processor. Basically, when the processor can not understand or process certain data properly, it is obliged to ask for help from the microcode of the processor to avoid a crash.
Although applications can only see data that belongs to them, this data leak can cause data to leak between different applications. What ZombieLoad does is that it flee the data loaded by the CPU kernel.
To eliminate the problem, Intel will need to release microcode patches to clear processor buffers to prevent data leakage. Intel thinks that the launch of such an attack will be a very "complex" task. However, the company urged users to download security updates released by Apple, Microsoft, and Linux operating system vendors to counter the problem at the moment.
See: The WhatsApp Fault allows hackers to install spyware on iOS and Android devices
More details about the hotfix released by Microsoft are available here.
More details on the patch released by Apple are available here.
More details on the hotfix released by Amazon are available here.
More details about the hotfix released by Google are available here.
Did you like reading this article? Like our page on Facebook and follow us on Twitter.
[ad_2]
Source link