Security researchers from the Graz University of Technology have found a new flaw in Intel chips which can be used to steal sensitive information directly from the processor. The new vulnerability is being called “ZombieLoad."
A side-channel attack
The newly-discovered flaw enables a side-channel attack that hackers can exploit. Worst of all, almost every computer with an Intel chip from 2011 is affected by the vulnerabilities.
According to TechCrunch and Wired, Apple, Google, and Microsoft have already issued updates. The name ZombieLoad comes from the term “zombie load" which refers to an amount of data that the processor can’t understand.
This forces the processor to ask for help from the processor’s microcode to prevent a crash. It is this process that the bug exploits to let data bleed across boundary walls.
Intel has now released patches to the microcode that will help clear the processor’s buffers. This should prevent data from being read.
The researchers also indicated that the flaws could be exploited to see which websites a person is visiting in real-time. They could be used to get passwords or access tokens.
And the cloud is also vulnerable. The researchers said the flaws work in cloud environments just like they do on PCs.
No attacks reported yet
No attacks have yet been reported, but that does not necessarily mean they have not taken place. A ZombieLoad attack would not leave a trace.
Fixing these flaws is also problematic as it requires patching processors in ways that may slow them down. So far, however, the slowdowns have been minor.
Still, the experts are saying there is no reason to panic. For starters, there are easier ways to hack into a computer. Furthermore, neither Intel nor the researchers have released exploit code which indicates there’s no direct and immediate threat.