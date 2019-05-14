“Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor,” Zack Whittaker reports for TechCrunch. “The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work… Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages.”

“‘ZombieLoad,’ as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code,” Whittaker reports. “Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago. Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.”

“The researchers showed in a proof-of-concept video that the flaws could be exploited to see which websites a person is visiting in real-time, but could be easily repurposed to grab passwords or access tokens used to log into a victim’s online accounts,” Whittaker reports. “Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors. Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.”

Read more in the full article here.