A new set of vulnerabilities have been discovered in Intel processors that brings back memories of the infamous Meltdown, Spectre and Foreshadow class of flaws. What that means is that the newly discovered flaw named ZombieLoad is capable of leaking info in much the same way as the others mentioned above.
To elaborate on the same, ZombieLoad is a side-channel attack that makes it possible for hackers to retrieve the data that the CPU is processing at that point of time. Also, the basic modus operandi is the same too in that it exploits the speculative execution process to leak info.
The speculative execution process again is an optimization technique employed in Intel processors to allow for processing efficiency by improving data processing speed. However, researchers have discovered the speculative execution process to be not quite as impregnable as Intel no doubt would have liked it to be.
The researchers comprising of academics from around the world, as well as security researchers from Bitdefender, have come to the conclusion that data can be leaked by exploiting loopholes in some components of the speculative execution process. Those include the various CPU buffer zones as well as the data processing operation itself.
This has led the researchers to name the flaw as Microarchitectural Data Sampling (MDS) given that it depends on the microarchitectural data structures of the processor such as the load, store, and line fill buffers for leaking info. The above processes are utilised by the CPU for fast read and write operations of the data being processed in the CPU.
The researchers some of whom have been involved in the Meltdown and Spectre revelations has said all Intel processors released since 2011 are known to be vulnerable of the flaw. Further, processors that find application in laptops, tablets, desktops, cloud servers and all from Intel suffer the same vulnerability.
That said, it also isn’t easy for anyone to be able to exploit the flaw given the immense complexity of the process the researchers employed to detect the same. Also, the latest generation of Intel processor is known to be immune to ZombieLoad while the latest set of security patches released by Intel also has the bug adequately covered. What that means is that ZombieLoad has been taken care of well and it won’t really be easy for just about anyone to exploit the processing loophole.