No sooner had the industry moved away from last year’s Meltdown and Specter , when users faced a new danger – ZombieLoad. Owners of computers with Intel processors are at risk. With the help of this vulnerability attackers can remotely steal other people's data. We tell how to protect yourself from potential danger.
The company Intel confirmed the existence of vulnerabilities ZombieLoad and said that it consists of four errors in the microcode processors. All personal computers and cloud servers are subject to hacking, built on the basis of Intel chips, released since 2011. On devices with AMD processors, this problem does not apply.
The essence of ZombieLoad is to attack the processor by submitting a large amount of information that it is not capable of processing. To prevent failure, the chip accesses the microcode by performing a reboot. One of the errors allows at this moment to get access to all the data that were processed by the processor cores. In normal operation, applications have access only to their own data.
With the help of ZombieLoad, attackers can find out which sites a user is browsing in real time, steal their passwords and access tokens from payment systems and seize other valuable information. However, for this, a person needs to download infected software onto his computer and run it.
Apple, Google, Microsoft, Amazon and other large corporations have already started distributing updates protecting against ZombieLoad. Intel also released the appropriate patches for all affected processors. The company notes that the corrections made to the microcode will clear the processor buffer during an overload, thus preventing the possibility of malware access to data from other applications.
To ensure security, macOS users should upgrade to version 10.14.5, containing all necessary patches. Microsoft has also released a corresponding patch for Windows users through Windows Update. If automatic installation of updates is disabled on your computer, you should enable this option or download the new microcode version for Intel processors from the special Microsoft website .