Intel the maker of processor chips vital for all computing, has finally accepted its chips are currently insecure with the newly identified bug dubbed ZombieLoad. This has prompted Amazon, Apple, Google and Microsoft to issue patches to fix the bug.
Intel has been under fire for some time, as it seemed reluctant to address issues raised by cyber researchers. Those researchers have claimed that Intel chips contained an entirely new class of vulnerabilities that could be exploited.
These vulnerabilities which can be used to obtain confidential and sensitive data from the processor were considered very similar to the notorious Meltdown and Spectre bugs that exploited flaws in the execution processes of modern processors.
ZombieLoad is described as a side-channel attack which mainly targets Intel processor chips. It contains four bugs that exploits design flows without needing to inject a malicious code. In layperson’s terms the bug keeps track of websites a user visits in real-time and obtains sensitive data such as access tokens, user keys or passwords to hijack a victim’s online accounts.
Intel has been highly criticised in the past for its underplaying of the issues in its chips. It transpired that the group of cyber researchers employed to analyse threats had been asked to keep their findings secret for more than a year so, Intel said, it could release the fixes.
Further analysis found that all of Intel’s chips had issues of security going back to 2008. In particular the flaws were found when Intel chips perform speculative execution. This is a feature in which a processor guesses ahead of time at what operations and data it will be asked to execute in order to speed up the chip’s performance.
To eliminate ZombieLoad Intel will release patches to clear the processor’s buffers so any data leakage can be stopped. Intel urges all users to use the patches now being issued by Microsoft, Amazon, Google and Apple to counter the bug.