ZombieLoad Bugs Expose Intel Machines to Data Theft

Written by

Researchers have discovered a major new set of vulnerabilities in nearly all post-2011 Intel chips which could enable side-channel attacks targeting sensitive information.

ZombieLoad is reminiscent of Spectre and Meltdown bugs reported in January 2018 in that it affects not only desktop and laptop machines but also cloud servers. Like them, it exploits the speculative execution process to enable attackers to steal data from the processor.

Technically known as a “data sampling attack,” it’s far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim’s browsing in real-time, or steal sensitive credentials and data.

“While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs,” the research paper claimed. “These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”

ZombieLoad (CVE-2018-12130) is the most dangerous vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091. Intel calls these Microarchitectural Data Sampling (MDS) flaws.

“All of them have in common that they trigger a faulty read, and extract data used by transiently executed operations via a side-channel,” said the researchers in an accompanying blog post.

The good news is that Intel has already addressed MDS issues post-Spectre/Meltdown, so its newer chips (8th and 9th Generation Intel Core processors and 2nd Generation Intel Xeon Scalable processor family) aren’t affected.

It has also released microcode updates to address the vulnerabilities, although these could apparently have a 9% performance hit on cloud machines and around 3% on desktops and laptops. Apple, Google, and Microsoft have already released patches to fix ZombieLoad.

What’s hot on Infosecurity Magazine?