Zombieload! Patch yourself!

What is Zombieload?

You've probably heard of Meltdown, Spectre, and Foreshadow. Well, this is another exploit found with the modern Intel CPUs. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. Declared CVE-2018-12130.

While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

zombieload_square

Who is affected?

There's a good chance your laptop is powered by an Intel CPU. If so, then you'll need to update your computer immediately, after a class of vulnerabilities was discovered that allows attackers to steal data directly from your processor.

The so-called ZombieLoad bug and three related vulnerabilities were unearthed by some of the same researchers who brought the critical Spectre and Meltdown flaws into the spotlight, and it shares many similarities to those bugs.

ZombieLoad and its kin affect every Intel processor made since 2011, which means all MacBooks, and a large majority of Windows PCs, most Linux servers and even many Chromebooks are in the crosshairs. The bugs can even be used on virtual machines in the cloud. But AMD and ARM chips do not appear to affected by these latest flaws.

How do I protect myself?

Download the latest updates from your OS provider. Rest assured that your cloud provider will take care of this on you behalf. In fact, as the time of writing (1 day after discovery) AWS had already patched their systems. This is partly due to the relationships that they have, and their requirements to get these sort of vulnerabilities patched before they come out to the public.

Intel are saying that some of the 8th and 9th generation CPUs are already protected against the flaw, and that all future CPUs will include the corrected architecture. Though it's important to note, that the researchers that discovered this vulnerability disagree with Intel, and say that all CPUs are affected by this.

How does it work?

The exploit found weaknesses in a widely used feature called "speculative execution," which is used to help a processor predict what an application or program will need next in order to improve performance. The processor predicts which operation will be requested in the next few milliseconds. The processor then executes those operations before they're requested to save time.
The problem is that the data where those operations are stored go into their own short term memory caches. Which these exploits are all able to read and extrapolate.

There's a technical breakdown of the four new exploits here. There is also a proof of concept video on the Zombieload website that shows how the Zombieload exploit can be executed to see which websites a person is viewing in real time. This obviously could allow attackers to gather vital information like passwords, bank details, encryption keys directly from the CPU.