A little over a year after the Meltdown and Spectre flaws found in millions of AMD and Intel chips, a group of security firms and researches discovered a new class of side channel vulnerabilities impacting all Intel CPUs. The security flaw titled 'Zombieload' can potentially leak raw data from a system's CPU.
Like Meltdown, Spectre, and Foreshadow that came before, Zombieload exploits vulnerabilities in Intel's current speculative execution process, an optimisation technique the chipmaker adds to its CPUs to improve data processing speeds and performance.
Experts have been pointing out flaws in Intel's speculative execution process for over a year now, exposing ways data can be leaked through CPU buffer zones and data processing operations.
Today, Intel and a team of academic researchers have termed this new form of hackable vulnerability in Intel's chips – previously labelled as Zombieload – as a Microarchitectural Data Sampling (MDS) attack. The MDS issue is a speculative execution side-channel attack that allows an attacker to locally execute code to target the CPU's micro-architectural data structures, which are otherwise protected by Intel's processor architectural mechanisms. This technique could allow a malicious actor to siphon a stream of potentially sensitive data.
In the past, Intel has been quick to resolve, not so much resolve as mitigate, Spectre and Meltdown issues with microcode patches and software tweaks. According to BitDefender, Intel's most recent CPU flaw can be partially resolved with microcode patches. The security firm also claims that it is working with Intel and other partners to add protection at the hypervisor level.
However, BitDefender also notes that, since the issue originates from a design flaw in the hardware, a general fix is impossible. MDS attacks are proven to work on Intel's Ivy Bridge, Haswell, Skylake, and Kaby Lake processors. So, if you're thinking of getting one of those, consider yourself warned. According to researches, Intel processors for desktops, laptops, and cloud servers are all at risk, which comes as terrible news for the entire digital sector at large.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
