The ZombieLoad attack allows hackers to steal data from Intel chips



[ad_1]

A recently discovered security flaw in Intel processors allows attackers to steal all data recently accessed by the processor. This is even true for cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.

It is not known if the attack, called ZombieLoad, was used by malicious hackers. The flaw was discovered by researchers at the Graz University of Technology and was revealed to Intel. Intel has released a code to fix the flaw, though it must be implemented by individual manufacturers and then installed by users before everyone is protected.

The flaw affects almost every Intel chip since 2011, according to TechCrunch. wired reports that Apple and Google have already released updates, while Microsoft announced today the availability of updates. Attackers must be able to execute code on a machine in order to take advantage of ZombieLoad. This is not a flaw that everyone is at risk.

ZombieLoad is the latest in a series of serious security issues taking advantage of a process called speculative execution, built into most modern processors. This feature allows processors to preemptively execute future commands, thereby increasing speed. But as researchers discovered for the first time with Specter and Meltdown, this process leaves some gaping vulnerabilities for attackers.

The correction of these vulnerabilities required the application of patches to the processors so as to slow them down slightly. But solutions do not completely cut off the attack vector – speculative execution is an area in which researchers expect it to continue to find loopholes. Spectrum and Meltdown were the first two, and another was discovered a few months later.

So far, these attacks have not had the appalling effects warned by the researchers. There have been a lot of fixes, but the slowdowns have been minor and there has not yet been a major known attack exploiting these flaws. This certainly does not mean that these problems will never come, however, and with years of computers filled with endangered fleas, new attacks will continue to be found.

[ad_2]

Source link