Information security researchers have discovered a new vulnerability in Intel chips. With this vulnerability, hackers can steal sensitive information directly from the processor. These vulnerabilities are called “ZombieLoad” and can be used for attacks against Intel chips. Intel said that ZombieLoad includes four vulnerabilities, and researchers reported these vulnerabilities to Intel a month ago. Almost every computer with an Intel chip since 2011 has been affected by these vulnerabilities. Unlike the previous processor vulnerability, AMD and ARM chips are said to be unaffected.
The researchers said that ZombieLoad will leak all data currently loaded in the processor core. Intel said that patches to microcode can help clean up the processor’s buffers and prevent data from being read. Researchers showed in a proof-of-concept video that these vulnerabilities could be used to see which websites a person is visiting. However, with a very simple operation, the vulnerability can be re-used to steal passwords or access tokens used to log in to online accounts.
ZombieLoad affects not only PCs and laptops, but cloud computing platforms. The vulnerability could be triggered in a virtual machine that could otherwise isolate other virtual systems and physical hosts.
Intel has released microcode to patch affected processors. Apple, Microsoft, and Google have released patches separately, and other companies are expected to keep up. You can get more ZombieLoad vulnerability information here.