Millions of computers affected by Intel chip flaw

Millions of computers affected by Intel chip flaw

If carried out, a "ZombieLoad" attack could exploit existing flaws to steal data rather than creating malware. This would, for example, allow software running in a virtual machine on a server to see the data from another company running on the same server. In these cases, customers should consider how they utilize SMT for their particular workload (s), guidance from their OS and VMM software providers, and the security threat model for their particular environment.

According to Mozilla, no action is needed for Windows and Linux users of Firefox.

The company noted that it has addressed the hardware problem in its processors, including a fix to its future processors, with microcode updates. However, this is a brand-new side-channel attack which relies upon four Intel CPU design flaws that weren't patched up in the wake of previous scares.

"However, unlike the recent Cisco router vulnerability, and most notably the "2nd flaw" that was making headlines, a patch or patches are available and they will help", said Curry.

According to Daniel Gruss - one of the researchers who discovered the flaws - ZombieLoad is hard to execute, meaning that it is unlikely to be an issue for the average user.

"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post. Most programs normally only have access to their own data, but with Zombieload, a malicious program could exploit the CPU to gain access to information held by other programs running on the machine. The vulnerability may allow attackers to 'resurrect' critical data processed by the chip - from browser history and passwords to disk encryption keys and other system-level sensitive data.

Researchers have discovered a major new set of vulnerabilities in almost all post-2011 Intel chips which could enable side-channel attacks targeting sensitive information.

More news: Blac Chyna Talks About Her Relationship with Tyga and Rob

The researchers who discovered the vulnerabilities published this proof-of-concept demonstration showing how an unprivileged attacker - who has the ability to execute code on a system - can reconstruct URLs being visited in Firefox.

Here's a video from researchers showing the ZombieLoad exploit in action.

The so-called ZombieLoad bug was unearthed by some of the same researchers who brought the critical Spectre and Meltdown flaws into the spotlight, and it shares many similarities to those vulnerabilities.

Intel has validated that new issues identified with its processor chips convey that certain computer purchasers are facing a strike in the system's performance.

Fill buffer attack (aka RIDL): Targeting temporary buffers between CPU caches.

Whether the ZombieLand vulnerabilities have been exploited in the wild remains unknown. But hackers can exploit the newly discovered vulnerabilities to steal the discarded data before it's deleted and read the contents.

Intel told Wired that its own researchers discovered the MDS vulnerabilities past year. Some current processors already have built-in mitigations.