New security hole affects nearly ALL Intel CPUs since 2011

Intel is in serious crapola once again, VIRTUALLY EVERY PROCESSOR SOLD since 2011 is at risk of new exploit 'ZombieLoad'

Published
Updated
2 minutes & 22 seconds read time

Intel is in the security doo-doo again with a new major vulnerability known as ZombieLoad, something that affects virtually every processor Intel has made and sold since 2011. The problem? Intel didn't really care, and seemed to have even bribed people with a $40,000 "reward" with a bonus payment of $80,000 which were both refused.

New security hole affects nearly ALL Intel CPUs since 2011 | TweakTown.com

A post on Reddit in /r/hardware by 'EverythingisNorminal' said that a Google translation of a Dutch report about VU University Amsterdam's announcement of this latest (among many) of Intel security leaks is worse than we think. Before we get into ZombieLoad, this is what the Reddit post reads: "According to the VU, Intel tried to downplay the severity of the leak by officially paying $40,000 in reward and "$80,000" in addition. That offer was politely refused".

The report added: "If it were up to Intel, they would have wanted to wait another six months". This right here is awful if true.

ZombieLoad is a side-channel attack that targets Intel CPUs and allows hackers to exploit design flaws versus injecting malicious code, but ARM and AMD processors are not vulnerable. The problem with ZombieLoad is something that made the Meltdown and Spectre vulnerabilities bad, in that they don't just affect CPUs in servers, laptops and desktops -- but also the cloud.

The new ZombieLoad vulnerability can be exploited in virtual machines, something that VMs were not meant to be affected by. The issues that stem from this is that ZombieLoad allows hackers to access the information through the Intel CPU through the VM, just like the VM wasn't even there in the first place. The world of a virtual machine is meant to be safe from exploits like ZombieLand, Spectre, and Meltdown.

All it'll take for people to be infected is to download a ZombieLoad-infected app or malware, and then hackers can run the attack on the machine. One of the researchers behind the discovery of ZombieLoad, Daniel Gruss, explained that the new vulnerability is "easier than Spectre" but "more difficult than Meltdown" to exploit -- referring to the skills and effort required to complete an attack.

There are patches by tech giants released already for ZombieLand, with Apple, Amazon, Google, Microsoft and Mozilla all releasing patches to fix the holes created by ZombieLoad. Apple has released macOS fixes for ZombieLoad, and will soon be pushed to Sierra and High Sierra versions while the iOS-based devices aren't affected.

Google has patched Android and will soon update Chrome to secure it from ZombieLoad, while Mozilla has plans for a "long-term fix" for its popular browser Firefox. Microsoft is pushing out updates to Windows and the cloud, as well as "working closely with affected chip manufacturers to develop and test mitigations" for its customers.

Meanwhile Amazon has patched its cloud service Amazon Web Services so that it can't be attacked.

AMD explained in a post: "At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to 'Fallout', 'RIDL' or 'ZombieLoad Attack' because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so".

Buy at Amazon

Intel Core i9-9900K (BX80684I99900K)

TodayYesterday7 days ago30 days ago
$465.00$468.00$488.00
* Prices last scanned on 3/18/2024 at 6:11 pm CDT - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission.

Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering and has recently taken a keen interest in artificial intelligence (AI) hardware.

Newsletter Subscription

Related Tags