It has been just over a year since CPU vulnerabilities like Spectre and Meltdown last dominated the news cycle. Efforts have been made to fix these flaws and newer CPUs have extra protections in place. Unfortunately for Intel, a new issue has now popped up, known as ‘Zombieload’, which has a similar effect to Meltdown, creating a backdoor into PCs via the CPU. This is an issue that can be exploited on any Intel Core or Xeon series CPU dating back to 2011.
Zombieload was discovered by a small group of researchers and works by exploiting a CPU to leak data across processes, privilege boundaries and hyperthreads, essentially creating a backdoor. Most programs normally only have access to their own data, but with Zombieload, a malicious program could exploit the CPU to gain access to information held by other programs running on the machine. So browser history, user keys, passwords or disk encryption keys would be possible points of interest for a hacker. According to the demonstration, it would even be possible to monitor what someone was doing even if they were using a privacy-focused browser like Tor, in addition to a virtual machine.
The group responsible for discovering the flaw and shedding light on it have already been in touch with Intel to get fixes put in place. The official reference number for Zombieload is CVE-2019-12130 and the latest Intel microcode update puts protections in place to mitigate the issue. The latest Windows 10 and macOS security updates also have protections in place with minimal performance impact but these don’t stamp the problem out entirely.
According to the research paper, disabling hyperthreading might be the only way to completely prevent being at risk of a Zombieload attack. This would be a drastic step to take for ordinary consumers, but enterprise and datacentre customers with lots of sensitive information stored may want to consider it, although it will come at the cost of performance.
Microarchitectural Data Sampling (MDS) vulnerabilities are difficult to exploit and are classified as low to medium severity according to the Common Vulnerability Scoring System (CVSS). Right now, there are no reports of this issue being actively exploited outside of a controlled research environment, although that doesn’t necessarily mean that it has never happened.
Following the publishing of independent research into Zombieload, Intel also published its own overview, detailing its efforts for mitigation, the performance impact involved and encouraging Intel CPU users to update their systems.
Those using AMD should be completely safe regardless. While AMD does have its own multi-threading technology, Zombieload could not be reproduced on AMD hardware.
KitGuru Says: The unveiling of Zombieload/MDS comes at an unfortunate time, as Computex is right around the corner and Intel is due to release new CPUs very soon. As you should do after any major security update, make sure you update your operating system, whether you are on Windows, macOS or Linux in order to get the latest fixes.