A new security flaw has been discovered in Intel processors which allows attackers to hijack any data that the processor has access to. The flaw labelled as ZombieLoad is present on a vast majority of Intel chips from now all the way back to 2011.
ZombieLoad refers to the kind of data that a processor can’t handle which can thus be exploited with a code inputted to the Intel hardware. This was discovered by researchers from the Graz University of Technology who later disclosed to Intel about how the vulnerability is prone to four new attacks.
The flaw can allow attackers to capture information like encryption keys and passwords, which can hinder the security of a system to its foundation. The flaw comes from the same family as the Meltdown and Spectre flaws which were revealed last year.
It first affects the data stored on the Intel chip from previous processes that are used to execute functions more smoothly. This data can then be accessed by the attacker and it’s done so without leaving any trace of an attack. Windows, Android, Chrome, iOS, Linux, and MacOS are included among the affected systems.
In addition to ZombieLoad, the flaw can also be the result of vulnerabilities including RIDL & Fallout and Store-to-Leak Forwarding.
Apple and Google had issued updates on the flaw while Microsoft announced the same earlier today. The flaw has been fixed on 8th and 9th generation Intel Core processors as well as the 2nd generation Intel Xeon Scalable processor. Other Intel chips can be fixed with an update to the microcode which will avoid hardcoding the microprocessor.