zombieload
Latest
Intel is patching its Zombieload CPU security flaw for the third time
For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.
AMD says its chips are immune to crippling new vulnerabilities
As if Spectre and Meltdown weren't bad enough, researchers recently unveiled a quartet of new CPU flaws: Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding, known as MDS vulnerabilities. They're serious enough that Intel-powered PC owners need to patch them immediately, which will unfortunately impact performance -- especially in multi-threading mode. However, AMD owners are in luck. On its website, Intel's rival said that its chips are immune to the problems thanks to built-in hardware protection checks.
Install updates now to address a vulnerability in most Intel CPUs
In January 2018, a pair of security exploits dubbed Spectre and Meltdown showed how attackers could take advantage of commonly-implemented CPU technology to access data they shouldn't have been able to. They were followed by a similar bug, Foreshadow, late last year, and now researchers have uncovered four different techniques that exploit Intel's speculative execution technology in a similar way. The website CPU.fail has collected information about each vulnerability -- they're collectively referred to as Microarchitectural Data Sampling (MDS) -- including Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding. Example code shows how the attacks could be launched using malicious JavaScript, for example, and researchers state that it would be difficult for antivirus software to detect it, however they have not found evidence of anyone using the tech in attacks so far.
