Intel’s CPU security-flaw nightmare doesn’t end with Meltdown, Spectre, and Foreshadow. Researchers with the Graz University of Technology and imec-DistriNet have found yet another vulnerability that puts sensitive data at risk: ZombieLoad.
ZombieLoad reportedly affects all Intel processor generations released since 2011. Similar to previous vulnerabilities, the side-channel attack exploits weaknesses in speculative execution. It comprises four bugs that allow attackers to steal private browsing history and other sensitive data.
AMD/ARM chips aren’t affected, but patches are already rolling out for Intel users.
Researchers have also warned of two additional exploits, “RIDL” and “Fallout.” The former attack allows for the leaking of information across various security domains, while the latter allows for reading data an OS recently wrote.
ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.