Almost all Intel processors released after 2011, found vulnerability called ZombieLoad. It can be used to steal data of users, Wired reports. Its presence is also confirmed in Intel.
The attack is carried out by four errors in the microcode of the Intel chip. The AMD processors built on the ARM architecture is not affected. At its core, it is reminiscent of Meltdown and the Spectre, who discovered in 2018 and used the error in the system priority command.
During the application priority run commands, the system tries to predict what data may be needed for running processes, which increases the system speed. If the prediction is false, then the system resets the query result data. During the attack the CPU receives a large amount of data, which he is not able to handle, and makes it refer to the firmware to prevent the failure. As a result of this overload ZombieLoad able to obtain any data used by the processor core, avoiding restriction.
“Attack ZombieLoad allows you to swipe sensitive data and keys during the access to them by the computer, write the researchers who discovered the vulnerability. — It can be as personal user data, like browser history, content, websites, passwords, and system data, like encryption keys disk”.
Indicates that the vulnerability affects all Intel processors released after 2011 (except for the Core 8-th and 9-th generation, in which there is protection from the attacks of speculative execution), including conventional PCs and laptops as well as servers. Apple, Microsoft and Google have already released an update that eliminates a security vulnerability.
Video, photo All from Russia.