Almost Every Intel Chip Since 2011 Has a Secret-Stealing Flaw

New security flaw in Intel chips could affect millions

Intel processors hit with another serious security flaw impacting millions of PCs

Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities.

Security researchers and Intel have recently disclosed a security vulnerability that has a major impact on a huge number of processors that Intel has released since 2011.

A "zombie load" is a high amount of data that the processor can not properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing.

ZombieLoad, discovered by members of the team who first found Meltdown and Spectre, is similar in concept to Meltdown: Data which is pre-loaded into the processor as a performance enhancement can be read by other processes running on the same physical core, unless Hyper-Threading - which allows two threads to run simultaneously on a single physical core - is disabled. However, the vulnerability somehow doesn't impact AMD and ARM processors for the time being. This load can contain sensitive data from apps and programs, and the flaw allows this information to be accessed.

Software vendors, meanwhile, have begun rolling out software mitigations for the new vulnerabilities, including patches from Microsoft released as part of last night's Patch Tuesday Update cycle. It's also released code updates to mitigate the risk.

There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.

Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied.

To exploit the vulnerabilities hackers would have to get some malware onto the user system or enterprise server. So, always keep your system updated with the latest security patches in order to stay protected from the vulnerability.

Fixing these flaws is also problematic as it requires patching processors in ways that may slow them down.

According to Mozilla, no action is needed for Windows and Linux users of Firefox. Let's hope ZombieLoad isn't as problematic.

Altre Notizie