SecurityBrief Asia logo
Story image

ZombieLoad: Another batch of flaws affect Intel chips

16 May 2019

There’s no denying that Intel CPUs are in a large proportion of the world’s modern computers – and Intel is no stranger to being in the firing line when it comes to security flaws.

Following on from the controversy that vulnerabilities dubbed ‘Meltdown’ and ‘Spectre’ could essentially allow attackers to gain access to the computer’s memory systems. Once, in, attackers could steal information from the kernel and cached files, such as passwords, logins and other credentials.

But now there’s a new vulnerability in Intel-powered computers that, if exploited, could allow attackers to ‘leak information data from an area of the memory that hardware safeguards deem off-limits,’ says Bitdefender.

That vulnerability is called ‘ZombieLoad’ and affects all types of Intel chips that have been manufactured since 2011. However, it doesn’t affect AMD and ARM chips as the Meltdown and Spectre vulnerabilities did.

“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system. Additionally, it has an extremely large impact on cloud service providers and multi-tenant environments, as a potentially bad neighbour can leverage this flaw to read data belonging to other users," Bitdefender continues.

“This is a flaw that stems from a hardware design issue, a general fix to plug this vulnerability is impossible and has likely existed in Intel systems for a significant period."

While these vulnerabilities are only proof-of-concepts and haven’t been exploited by attackers (or at least none that vendors know of), the level of skill required to conduct an attack of this type would mean that it’s not likely to become a mass security crisis.

ZombieLoad comprises four vulnerabilities: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS); CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS); CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS); and CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM).

It uses a tactic known as Microarchitectural Data Sampling. Sophos explains in a blog:  

“It is a flaw in Intel processor hardware, meaning that it affects any operating systems running on x86 chips, including Windows. It uses Intel’s speculative execution feature to pilfer other programs’ data.”

Microsoft, Apple and Google have already released patches to do what they can for a fix. Intel has also released a microcode patch for its CPUs. Microsoft notes that the vulnerabilities affect systems including Android, iOS, Linux, and MacOS so customers should look to their device vendors for more information.

“This vulnerability represents a scary reality that’s actually been around for a quite a while – attackers exploiting the identities of machines to obtain sensitive data. Things like code signing keys, TLS digital certificates, SSH keys are all incredibly valuable targets, and chip vulnerabilities like this make it possible for hackers to steal these critical security assets when running on nearby cloud and virtual machines,” comments Venafi’s VP of security strategy and threat intelligence, Kevin Bocek.

“Some security professionals have forgotten about Heartbleed, but this vulnerability proves that we should expect similar attacks in the future. Security teams need to accept that they won’t be able to avoid vulnerabilities like ZombieLoad; instead they need to focus on protecting the keys and certificates attackers are targeting. Properly responding to a chip vulnerability requires complete visibility of where all keys and certificates are located, intelligence on how they are being used and the automation to replace them in seconds, not days or weeks. Security professionals should consider vulnerabilities like ZombieLoad a dress rehearsal for the day quantum computing breaks all machine identities."

Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
rhipe acquires emt Distribution, with aim to expand into enterprise market
The acquisition will enable rhipe to deliver a comprehensive portfolio of end-to-end security capabilities to its partners, the company says.More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Remote work continues, and endpoint security cited as a must
Nearly half of workers will stay remote after the pandemic ends, and two out of three IT professionals are concerned with endpoint misuse, according to Prey Software's new study.More
Story image
Egnyte ensures greater security across Microsoft 365 with latest integrations
The new integrations are aimed at helping mid-sized organisations prevent data loss, address a growing number of regional privacy regulations, and simplify the overall management of content with minimal administrative overhead.More
Story image
iland and Cohesity form alliance, target data protection market
"Together with Cohesity, we will deliver elegant and cutting-edge solutions that will take our joint customers’ digital transformation projects to the next level."More