A newly discovered security vulnerability in Intel processors allows attackers to steal all the data accessed by the processor. This is even true for cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.
We do not know if the attack, nicknamed ZombieLoad, has been used by malicious hackers. The flaw was discovered by researchers at the Graz University of Technology and was reported to Intel. Intel has released a code to fix the flaw, although it has been implemented by individual manufacturers and then installed by users before everyone is protected.
The flaw affects almost every Intel chip since 2011, according to TechCrunch. wired reports Apple and Google have already released updates, while Microsoft announced today the availability of updates. Attackers must be able to execute code on a machine in order to take advantage of ZombieLoad. This is not a fault for which everyone is at risk.
ZombieLoad is the latest in a series of serious security vulnerabilities leveraging a process, called speculative execution, built into the most modern processors. This feature allows processors to preemptively execute future orders, providing speed gains. But as it was first discovered with Specter and Meltdown, this process leaves some gaping vulnerabilities for the attackers.
The correction of these vulnerabilities required the application of patches to the processors so as to slow them down slightly. But solutions do not completely cut off the attack vector – speculative execution is an area in which researchers expect it to continue to find loopholes. Spectrum and collapse were the first two, and another was discovered some months later.
So far, these attacks have not had the appalling effects that had been announced. There have been a lot of fixes, but the slowdowns were minor and there is still a major known attack exploiting these faults. This certainly does not mean that these problems will never come. With, and with years of computers filled with endangered fleas, it is likely that more attacks will continue to be discovered.