ZombieLoad: New critical flaw affects most Intel processors, exposes keys, browsing history & more

The exploit, dubbed ZombieLoad, is embedded in Intel’s processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips’ performance. The vulnerability may allow attackers to ‘resurrect’ critical data processed by the chip – from browser history and passwords to disk encryption keys and other system-level sensitive data.

Its reach isn’t even limited to the end-user’s computer, according to researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss from Graz University of Technology and Jo Van Bulck from KU Leuven: it “can also be exploited in the cloud.” 

Intel claims there is no evidence Zombieload was exploited by real-world actors, but as the researchers explain, because it’s a hardware vulnerability, attackers who use it may not leave the traces of outside interference found with typical software exploits. It’s also ‘unlikely’ such activity would be caught by an anti-virus program, though secondary attacks that use it to invade a user’s system might set off alarms.

Intel has reportedly addressed the problem “at the hardware level” in its newest processors, while releasing microcode and software updates to patch older chips. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.

ZombieLoad was discovered by the same researchers who uncovered the notorious Spectre and Meltdown vulnerabilities in 2017, a finding which shook the computer world’s sense of security to its core. Meltdown affected almost every processor Intel had ever manufactured going back to the mid-1990s. Spectre, which proved more difficult to patch even at the software level, also afflicted Intel’s competitors, including AMD and ARM, which manufactures chips for smartphones and other internet-of-things devices. Savvy users were forced to reconsider the wisdom of cloud computing – even if they patched their own machines, their data was only as safe as the processors the cloud providers used.

Source Article from http://feedproxy.google.com/~r/blacklistednews/hKxa/~3/yfEu6aorMi8/zombieload-new-critical-flaw-affects-most-intel-processors-exposes-keys-browsing-history-amp.html

Related Posts
Intel Corp., the US tech giant, on Tuesday launched its “most powerful generation” of mobile
Enter your email address to subscribe to this blog and receive notifications of new posts
Vasily Gritsak, head of the Security Service of Ukraine (SBU), confirmed that counterintelligence officers were

Hits: 44

You can leave a response, or trackback from your own site.

Leave a Reply

*

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes