A vulnerability recently found in Intel chips is said to be a massive threat to the security of the data present in them.
The bug is said to be a leftover part of Meltdown and Spectre, the two techniques discovered back in 2018 and used to expose and misuse any data processed by the computer. These techniques were very effective because they used the speculative execution method of the processors to gain access to sensitive information such as passwords, messages and emails, and even saved bank account details.
ZombieLoad, the new flaw discovered, allows hackers to effectively and efficiently exploit the already existing flaws in the design of the architecture rather than injecting new, malicious code.
The name, ZombieLoad comes from the term ‘Zombie Load’ used by computer scientists to describe an amount of data that the processor cannot handle. The processor then asks its microcode for help in order to stop the system from crashing. Under normal circumstances, an application can only use their own allotted set of processor resources. ZombieLoad essentially leaks any data loaded into the processor to any application using the processor at the time. According to researchers, ZombieLoad is made up of four bugs and Intel plans on introducing patches into the processors’ microcode to help clear out the buffers and prevent the bleeding of data into other apps.
Like its ancestors, ZombieLoad not only affects physical machines but also makes the cloud vulnerable to these leaks. This poses not only a local concern but there is also a threat that ZombieLoad can be used to access data stored on other processors linked to the same server hardware.
The likes of Apple and Microsoft have already started rolling out patches, with other companies will be releasing them in the near future.
No public reports of any attacks have been reported as yet and users have been assured by the researchers that discovered ZombieLoad that there is no need to panic. The exploitation of ZombieLoad requires a specific set of skills and effort and, according to researchers, there are far easier ways to hack into a computer and hack data.