Intel has detailed today that four new dividends called ZombieLoad make almost every piece it has made since 2011 vulnerable to attack. ZombieLoad has some similarities with Meltdown and Specter bugs we saw last year. Apple has already patched the vulnerabilities with yesterday's MacOS 10.14.5 update.
As reported by TechCrunch security researchers have discovered what they call a new class of vulnerabilities in Intel chips dating back to 2011 and can also be used against virtual machines. As described by CPU.fail is how the attack works:
The ZombieLoad attack restores your private browsing history and other sensitive data. It allows to leak information from other applications, the operating system, cloud virtual machines and reliable execution environments.
Like Specter and Meltdown, ZombieLoad challenges challenges in speculative execution and some of the same security researchers who discovered Meltdown and Specter reported the new ZombieLoad vulnerabilities to Intel.
"ZombieLoad", as it is called, is a side channel attack targeting Intel chips, so hackers effectively exploit design errors instead of injecting malicious code. Intel said ZombieLoad is made up of four errors, which the researchers reported to the chip maker just a month ago.
One of the researchers, Daniel Gruss, told TC that these are advanced attacks, which are in difficulty between Specter and Meltdown to perform.
These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was "easier than Specter", but "harder than Meltdown" to exploit ̵1; and both required a specific set of skills and efforts to use in an attack.
There have been no publicly known examples of ZombieLoad being used maliciously, but it is still a good idea to update your Mac software. Intel has already released microcode updates, and Apple has implemented them in yesterday's MacOS 10.14.5 update. Apple also has High Sierra and Sierra security updates for ZombieLoad.
Intel said that performance can take a small hit of up to 3%, but most users will not notice any changes with the patches installed. Datacenters, on the other hand, could see the fall in performance as much as 9%.
Read more about ZombieLoad in TechCrunch's post here.
Check out 9to5Mac on YouTube for more Apple news: