. home.aspx



ZombieLoad Bugs Expose Intel Machines to Data Theft

May 15, 2019 / Phil Muncaster

Researchers have discovered a major new set of vulnerabilities in nearly all post-2011 Intel chips which could enable side-channel attacks targeting sensitive information. ZombieLoad is reminiscent of Spectre and Meltdown bugs reported in January 2018 in that it affects not only desktop and laptop machines but also cloud servers. Like them, it exploits the speculative execution process to enable attackers to steal data from the processor. Technically known as a “data sampling attack,” it’s far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim’s browsing in real-time, or steal sensitive credentials and data. “While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs,” the research paper claimed. “These secrets can be user-level secrets, such as browser histo...