ZombieLoad apocalypse: Spectre-like flaw affects post-2011 Intel chips

15 May 2019


Tech giants including Apple, Amazon, Google, Microsoft and Mozilla have released patches for a new side-channel flaw found in Intel chips.

A major flaw has been discovered that affects nearly all post-2011 Intel chips and, if exploited, could be used to steal sensitive information directly from the processor.

It is understood that AMD and ARM chips are not vulnerable.

There are four different variants of the flaw, codenamed ZombieLoad, Fallout, RIDL (rogue in-flight data load) and MDSUM (microarchitectural data sampling uncacheable memory), with ZombieLoad believed to be the most dangerous.

Like Meltdown and Spectre, which exploited weaknesses in speculative execution (a performance feature common to modern chips) to reveal information such as passwords and tokens, this vulnerability lets attackers exploit flaws in the chip's design rather than injecting malicious code.

What does all of this mean for ordinary users? In plain English, it means that attackers who knew what they were doing, and who knew how to exploit these flaws in chip design, could pull data out of a chip and divert it to another device.

Researchers and Intel have known about this for more than a year, and users should install the software updates that patch the flaws as soon as they are offered.

Ghosts in the machine

The flaws were discovered by researchers from the Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute and Saarland University in Germany, as well as the security firms Cyberus, Bitdefender, Qihoo 360 and Oracle.

Intel has labelled the new set of vulnerabilities as a form of microarchitectural data sampling (MDS).

“Under certain conditions, data in microarchitectural structures that the currently running software does not have permission to access may be speculatively accessed by faulting or assisting load or store operations. This does not result in incorrect program execution because these operations never complete, and their results are never returned to software. However, software may be able to forward this speculative-only data to a side-channel disclosure gadget in a way that potentially allows malicious actors to infer the data.”

Intel said it has been working with operating system vendors, equipment manufacturers and other ecosystem partners to develop platform firmware and software updates that can help protect systems from these methods.

“This includes the release of updated Intel microprocessor microcode to our customers and partners,” the company said.

“End users and systems administrators should check with their system manufacturers and system software vendors, and apply any available updates as soon as practical.”

The company has published a list of impacted Intel processors, including in-depth details about the status of updates for each processor.
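Applying the updates is only half the job; an administrator also wants to confirm they took effect. On Linux the kernel reports its MDS mitigation state in /sys/devices/system/cpu/vulnerabilities/mds, and the small checker below (an added example written for this article, not code from Intel, the researchers or any vendor) turns that line into a verdict. The status strings it recognises are the ones the Linux kernel emits; the file is simply absent on kernels that predate MDS reporting.

```python
from pathlib import Path

# sysfs file in which the Linux kernel reports its MDS (ZombieLoad/RIDL/Fallout) status.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")


def classify_mds(status: str) -> dict:
    """Map one line of the kernel's mds report to {"state", "smt", "action"}:
    state is not_affected/mitigated/vulnerable/unknown, smt is the hyperthreading
    status the kernel appended (or None), action is the administrator's next step."""
    s = status.strip()
    if s == "Not affected":
        return {"state": "not_affected", "smt": None, "action": "none"}

    # The kernel appends the SMT state after a semicolon, because the sampling
    # leak crosses sibling hyperthreads even once buffer clearing is active.
    smt = None
    for label, value in (("SMT Host state unknown", "unknown"), ("SMT vulnerable", "vulnerable"),
                         ("SMT disabled", "disabled"), ("SMT mitigated", "mitigated")):
        if label in s:
            smt = value
            break

    if s.startswith("Vulnerable"):
        # "Clear CPU buffers attempted, no microcode": the kernel side is in place
        # but the vendor's microcode update has not been applied to the CPU.
        if "no microcode" in s:
            action = "apply the vendor microcode/firmware update"
        else:
            action = "update the kernel and apply the vendor microcode update"
        return {"state": "vulnerable", "smt": smt, "action": action}

    if s.startswith("Mitigation: Clear CPU buffers"):
        if smt == "vulnerable":
            action = "disable SMT or stop co-scheduling untrusted code on sibling threads"
        elif smt == "unknown":
            action = "guest is mitigated; confirm the hypervisor host's SMT policy"
        else:
            action = "none"
        return {"state": "mitigated", "smt": smt, "action": action}

    return {"state": "unknown", "smt": smt, "action": "inspect the kernel report manually"}


def check_local_host(path: Path = MDS_SYSFS) -> dict:
    """Read the live sysfs file; kernels without MDS reporting have no such file."""
    if not path.exists():
        return {"state": "unknown", "smt": None, "action": "kernel predates MDS reporting; update it"}
    return classify_mds(path.read_text())
```

Run `check_local_host()` on each host after patching; a "mitigated" state with SMT still "vulnerable" is the case the Intel advisory quoted above glosses over, since the updated microcode alone does not stop a sibling hyperthread from sampling.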

Microsoft has published operating system updates for Windows, Windows Server and SQL Server databases, while Azure customers are already protected.

Google has published a help page that lists the status of each of its products and how they are protected from the MDS threat. It said that Android users are not impacted.

Similar to Google and Microsoft, Amazon said that it has already patched and applied mitigations.

Apple said it has introduced updates for macOS Mojave and High Sierra.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years