Processors released after 2011 have been found to have a new vulnerability called ZombieLoad, TechCrunch reports. Just like the previously mentioned vulnerabilities from last year, ZombieLoad abuses a common technology in modern processors called speculative execution.
As the name suggests, the processor speculates on what type of task might need handling next, and does the calculations to be either used or discarded. A few bugs associated with this feature allows ZombieLoad to capture data straight from the processor.
Essentially, ZombieLoad floods the processor with data which makes the CPU turn to its microcode in order to not crash. According to Intel, the exploit uses four different bugs to deliver the attack. One of these bugs allows full access to data processed by the microcode, even though usually it is unavailable to normal applications.
Fortunately abusing ZombieLoad isn't as easy as 1-2-3, and that might save us from a massive epidemic of attacks. Intel has also released an update to the microcode which unfortunately will also affect slightly the performance of the processor decreasing it approximately 3%.
Vendors, including Microsoft, Apple and Google, have also updated their software to better handle ZombieLoad.
Written by: Matti Vähäkainu @ 15 May 2019 12:50