What is ZombieLoad and why you should update your computer immediately
'ZombieLoad' is a new vulnerability recently discovered that affects Intel processors produced since 2011 and that allows access to private data on a computer. Like the infamous Meltdown and Specter, it is also a failure in the speculative execution of the CPUs.
If an attacker manages to exploit this vulnerability he may be able to steal sensitive data directly from the processor, that is, when he accesses them. The researchers explain that if your system is affected, ZombieLoad can read data that was recently accessed or accessed in parallel in the same processor core.
Those who discovered it showed a proof of concept in which they are able to look in real time at the websites that a person visits, and they explain that they could very well use the vulnerability to steal passwords or tokens and log in to the victim's online accounts .
ZombieLoad is a type of attack that exploits a weakness in the speculative execution of processors, that is, the ability of the chip to predict to some degree what an app or operating system might need in the near future, the processor does this so that everything runs faster and more efficiently.
The researchers explain that normally an application is only able to see its own data, but this bug allows any type of data that is being loaded by the core of the processor to be filtered, as sensitive or secret information that other programs are running.
ZombieLoad allows any sensitive data loaded in the processor to be filtered in real time
ZombieLoad is a side channel attack aimed at Intel chips, they have put that name in relation to the "zombie load", a quantity of data that the processor can not understand or process correctly and that forces the CPU to ask for help from your microcode to avoid a hang
ZombieLoad can be compiled into an application or installed as malware, but the researchers who discovered them explain that a set of specific skills and efforts are required to start an attack, and so far there is no evidence that it is being actively exploited. However, they also explain that an attack could leave no trace.
How ZombieLoad affects me and what should I do
If you have any Intel Xeon processor, Broadwell, Sandy Bridge, Skylake, Haswell, Kaby Lake, Coffee Lake, Whiskey Lake, Cascade Lake, Atom or Knights, you are affected. Intel has had to release a patch for the microcode of its processors.
Recall that being a vulnerability in the processor and not software, can be mitigated with microcode updates and operating systems, but in exchange for loss of performance
The AMD and ARM processors have not been affected by this vulnerability
There is no need to panic, because in addition to Intel itself, Microsoft has also started deploying updates to mitigate the vulnerability, and are working on new patches with manufacturers.
A summary of all the updates for the Intel microcode is available on the Microsoft support page, although many will be sent through Windows Update in the usual Tuesday patches to all affected users, therefore update as much as possible. soon as posible. Microsoft's recommendation is that you first install all updates through Windows Update before installing any microcode updates.
Apple explained that any of its computers running macOS Mojave 10.14.5 is already protected, the update with the patches will also reach Sierra and High Sierra soon. It is important to update all Macs and Macbooks released from 2011 onwards. Some teams may experience a loss of up to 40% in performance. The iPhone, iPad and Apple Watch are not affected.
Google explained that their Chromebooks are already protected in the latest version, and that the vast majority of Android devices are not affected. Therefore, as a user you should only wait for the update to arrive. Both Google and Amazon and Microsoft have patched their cloud infrastructure.
Mozilla has applied the mitigation recommended by Apple in macOS and will be part of Firefox 67, the beta and nightly versions of the browser already have the patches, and say that it is not necessary to do anything else in Windows or Linux.