15 May 2019

Intel CPUs impacted by new Zombieload side-channel attack

Researchers, academics detail new Microarchitectural Data Sampling (MDS) attacks.


By Catalin Cimpanu for Zero Day | May 14, 2019 -- 17:00 GMT (10:00 PDT) | Topic: Security



Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU.

The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow.

NEW ATTACK ON SPECULATIVE EXECUTION
Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance.

...

What this means is that malware capable of carrying out a Zombieload attack can effectively break all privacy protections that exist between apps, similar to how both Meltdown and Spectre broke those lines, but via other vulnerabilities in the speculative execution process.

THE GOOD NEWS
But things aren't as bleak as they were when Meltdown and Spectre were first disclosed in January 2018. For starters, Intel hasn't been caught with its pants down like the last time, and the company has already shipped microcode updates.

Read more...


No comments: