A major vulnerability, known as ZombieLoad, has been discovered that affects nearly every Intel processor made since 2011.
According to a new report by security experts, the ZombieLoad flaw allows potential malicious hackers to steal private browsing history, passwords and other information from affected PCs using a software that exploits four bugs in Intel hardware which researchers apparently reported to the processor maker last month.
- Microsoft offers a huge cash reward to stop the next Meltdown or Spectre
- Best internet security suites of 2019
- Top challenges for security infrastructure in 2019
A “zombie load” is a high amount of data that the processor cannot properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. This load can contain sensitive data from apps and programs, and the flaw allows this information to be accessed.
The ZombieLoad flaw brings to mind the Meltdown and Spectre bugs that plagues Intel’s processors. Like Meltdown and Spectre, ZombieLoad is only thought to affect Intel processors, so devices running on AMD or ARM processors (such as smartphones and tablets) shouldn’t be vulnerable.
Release the patches!
While it doesn’t seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft and Google to release patches to mitigate against the vulnerability.
Apple has released a ZombieLoad patch for macOS Mojave 10.14.5, which applies to every Mac and MacBook released since 2011, which also includes an update for its Safari internet browser.
However, it appears that some Macs may see a 40% fall in performance if all the patches are applied. That’s bound to upset a lot of Mac owners, so let’s hope Apple and Intel work on further mitigations that reduce the impact to performance.
There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.
Meanwhile, Google has also released patches to mitigate against ZombieLoad. While most Android devices run on ARM hardware and won’t be affected, any Android device using Intel hardware will need to apply the patches.
Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied. Google has also advised users of its Chrome web browser to make sure they install updates from their operating system – so Windows users and Mac users make sure you’ve got all the latest updates installed.
As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.
Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed.
According to Mozilla, no action is needed for Windows and Linux users of Firefox.
We’ll be keeping a close eye on ZombieLoad as this story develops. Meltdown and Spectre ended up causing a lot of disruption – and badly damaged Intel’s reputation. Let’s hope ZombieLoad isn’t as problematic.
Via
Tech
via https://www.aiupnow.com
Matt Hanson, Khareem Sudlow