ZombieLoad: Another batch of flaws affect Intel chips

16 May 2019

There’s no denying that Intel CPUs are in a large proportion of the world’s modern computers – and Intel is no stranger to being in the firing line when it comes to security flaws.

This follows the controversy over the vulnerabilities dubbed ‘Meltdown’ and ‘Spectre’, which could essentially allow attackers to gain access to the computer’s memory systems. Once in, attackers could steal information from the kernel and cached files, such as passwords, logins and other credentials.

But now there’s a new vulnerability in Intel-powered computers that, if exploited, could allow attackers to ‘leak information data from an area of the memory that hardware safeguards deem off-limits,’ says Bitdefender.

That vulnerability is called ‘ZombieLoad’ and affects all types of Intel chips that have been manufactured since 2011. However, it doesn’t affect AMD and ARM chips as the Meltdown and Spectre vulnerabilities did.

“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system. Additionally, it has an extremely large impact on cloud service providers and multi-tenant environments, as a potentially bad neighbour can leverage this flaw to read data belonging to other users,” Bitdefender continues.

“This is a flaw that stems from a hardware design issue, a general fix to plug this vulnerability is impossible and has likely existed in Intel systems for a significant period.”

These vulnerabilities are so far only proofs of concept and haven’t been exploited by attackers (or at least not in any case that vendors know of). The level of skill required to conduct an attack of this type would also mean that it’s not likely to become a mass security crisis.

ZombieLoad comprises four vulnerabilities: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS); CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS); CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS); and CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM).

It uses a tactic known as Microarchitectural Data Sampling. Sophos explains in a blog:  

“It is a flaw in Intel processor hardware, meaning that it affects any operating systems running on x86 chips, including Windows. It uses Intel’s speculative execution feature to pilfer other programs’ data.”

Microsoft, Apple and Google have already released patches to do what they can for a fix. Intel has also released a microcode patch for its CPUs. Microsoft notes that the vulnerabilities affect systems including Android, iOS, Linux, and MacOS so customers should look to their device vendors for more information.
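Because the fix is split between an operating-system patch and Intel's microcode, it is worth checking that both halves are in place. The following is an added example, not part of the original article: a shell sketch that classifies the MDS status line a patched Linux kernel reports. The sysfs path and status strings come from the Linux kernel's hardware-vulnerability documentation rather than from this page, and the function names and result labels are hypothetical.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS (ZombieLoad) status line.
# Assumption: the path and strings below follow the kernel's hw-vuln docs.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS prints one of:
#   not_affected | mitigated | mitigated_smt_exposed |
#   os_patch_only | unmitigated | unknown
classify_mds() {
    status=$1
    case $status in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active, but sibling hyperthreads share the
            # affected buffers unless SMT is disabled or reported mitigated.
            case $status in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated_smt_exposed ;;
                *)
                    echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel patch present, microcode update missing.
            echo os_patch_only ;;
        "Vulnerable"*)
            echo unmitigated ;;
        *)
            echo unknown ;;
    esac
}

# Classify this host; kernels without MDS reporting have no such file.
check_local() {
    if [ -r "$MDS_FILE" ]; then
        classify_mds "$(cat "$MDS_FILE")"
    else
        echo unknown
    fi
}

# Constructed sample status lines, followed by the local result.
for s in "Not affected" \
         "Mitigation: Clear CPU buffers; SMT disabled" \
         "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
         "Vulnerable; SMT vulnerable"; do
    printf '%-72s -> %s\n' "$s" "$(classify_mds "$s")"
done
printf 'this host -> %s\n' "$(check_local)"
```

An `os_patch_only` result means the operating-system patch is installed but the CPU is still running microcode without the buffer-clearing support, so the device vendor's firmware or microcode update is still needed.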

“This vulnerability represents a scary reality that’s actually been around for quite a while – attackers exploiting the identities of machines to obtain sensitive data. Things like code signing keys, TLS digital certificates, SSH keys are all incredibly valuable targets, and chip vulnerabilities like this make it possible for hackers to steal these critical security assets when running on nearby cloud and virtual machines,” comments Venafi’s VP of security strategy and threat intelligence, Kevin Bocek.

“Some security professionals have forgotten about Heartbleed, but this vulnerability proves that we should expect similar attacks in the future. Security teams need to accept that they won’t be able to avoid vulnerabilities like ZombieLoad; instead they need to focus on protecting the keys and certificates attackers are targeting. Properly responding to a chip vulnerability requires complete visibility of where all keys and certificates are located, intelligence on how they are being used and the automation to replace them in seconds, not days or weeks. Security professionals should consider vulnerabilities like ZombieLoad a dress rehearsal for the day quantum computing breaks all machine identities.”
