Published: Sat, May 18, 2019
Electronics | By Kelly Massey

Zombieload, the latest Intel Speculative Execution vulnerability, has been patched today

Zombieload, the latest Intel Speculative Execution vulnerability, has been patched today

Just like Spectre and Meltdown flaw in 2018, the vulnerability was caused by a flaw within an important feature that existed in many modern processors called speculation execution.

"While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets now processed by other running programs", the research paper claimed. The three computer scientists, together with Graz University of Technology Professor Stefan Mangard, were already involved in the discovery of the serious security gaps Meltdown and Spectre past year.

The security flaw was the most recent revelation of Intel chip bugs since two notorious hardware viruses involving Intel processors, nicknamed Spectre and Meltdown, caused panic among computer users previous year.

Those who warned that the Meltdown and Spectre computer chip flaws revealed a year ago would trigger a new era of hardware vulnerability discovery were on to something.

Intel said it's already addressed the problem in its newest chips after working for months with business partners and independent researchers.

The flaws were discovered by researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of MI, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute and Saarland University in Germany, as well as security firms Cyberus, BitDefender, Qihoo 360 and Oracle.

"However, unlike the recent Cisco router vulnerability, and most notably the "2nd flaw" that was making headlines, a patch or patches are available and they will help", said Curry.

SpaceX to launch first satellites for Musk's Starlink internet service
The Starlink team is now led by Mark Juncosa, SpaceX's VP of vehicle engineering and an eight-year veteran of the company. The satellites will centre using a low earth orbit to link to ground terminals on Earth to provide internet connection.

"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post. And while the set of four attacks all operate in a similar manner to Meltdown and Spectre, these new MDS attacks (ZombieLoad, Fallout, and RIDL) appear to be easier to execute.

Further, they said, tracking user secrets like browsing the history, website content, passwords or system-level confidences, user keys -such as disk encryption keys.

No attacks have yet been reported, but that does not necessarily mean they have not taken place.

Moreover, the current defect probably can enable an enemy to catch on tasks being supervised by an Intel Core or Xeon system's central processing unit (CPU) issued since 2011.

"End users and systems administrators should check with their system manufacturers and system software vendors, and apply any available updates as soon as practical".

That said, most Mac users have little to worry about.

Like this: