ZombieLoad vulnerability

Remember Meltdown and Spectre from last year? Well, here comes ZombieLoad, a new side-channel vulnerability that targets the speculative execution portion of several Intel CPUs the same way Spectre does. Microsoft, Apple, and Google have all released temporary patches to fix this flaw, but is it enough?

What’s with ZombieLoad?

ZombieLoad is one of the four processor chip vulnerabilities that were recently discovered by a group of security researchers from Graz University of Technology. This was the same team of researchers that reported Meltdown and Spectre. The other three vulnerabilities discovered along with ZombieLoad are Fallout, Rogue In-Flight Data Load (RIDL), and Store-to-Leak forwarding.

ZombieLoad, much like Spectre, exploits a weakness in speculative execution, a feature CPUs use to “predict” what information an app or program will need in order to speed up its performance.

The dilemma with speculative execution

With speculative execution, the processor tries to guess the operation requests it will receive in the near future (i.e., the next few milliseconds), then carries out, or executes, those operations before they’re requested in order to save time when the requests are actually made.

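The problem with speculative execution is that by carrying out operations before they are actually needed, the CPU puts the results of those operations in its own short-term memory caches. A side-channel attack such as ZombieLoad can then recover that data, even when it belongs to another program and was never meant to be shared.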

Raining worms and zombies

The cybersecurity world has been facing threats from all directions recently with loads of software vulnerabilities being unearthed. From the wormable Remote Desktop Services (RDS) vulnerability to the latest processor flaw, ZombieLoad, vulnerabilities seem to be everywhere.

The newly discovered RDS wormable vulnerability affects more than 450 million computers around the world, while ZombieLoad, the latest contender, affects nearly all Intel chips manufactured since 2011. It’s only a matter of time before these vulnerabilities are exploited.

How critical is the ZombieLoad vulnerability?

While Intel has given ZombieLoad a 6.5 out of 10 severity rating, many researchers feel ZombieLoad is far more dangerous than Intel claims. Many fear that these four new vulnerabilities affect every single Intel processor built from 2011 to now—meaning most MacBooks, the majority of PCs, and most Linux servers are affected.

The only bright side is that processors from vendors other than Intel (AMD and ARM) seem unaffected by these vulnerabilities. Daniel Gruss, one of the researchers who discovered the vulnerability, said it was “easier than Spectre” but “harder than Meltdown” to exploit.

Mitigating the ZombieLoad vulnerability

Like Meltdown and Spectre, only the processor manufacturer (Intel in this case) can provide a permanent fix for this vulnerability, as this is a design flaw. But major software vendors like Microsoft, Apple, and Google have already released patches to fix ZombieLoad temporarily. You can install these patches on your endpoints to secure yourself from ZombieLoad.
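To confirm that a patch actually took effect on a Linux endpoint, you can read the status line the kernel publishes for Microarchitectural Data Sampling (MDS), the class of flaw ZombieLoad belongs to. The script below is an added example, not part of the original post or of any vendor tool; the function names and the sample status lines are constructed for illustration, and it assumes a kernel recent enough to expose the `mds` sysfs file.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status line after patching.
# Status strings follow the kernel's documented values for this sysfs file.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> not-affected | mitigated | mitigated-smt-exposed |
#                        needs-microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active, but sibling hyper-threads may still leak.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*) echo mitigated-smt-exposed ;;
                *) echo mitigated ;;
            esac ;;
        # OS patch installed, but the CPU microcode update is still missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo needs-microcode ;;
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# check_host [FILE] -> prints the verdict; returns 0 only when no action is needed,
# 1 when follow-up is required, 2 when the kernel exposes no MDS status at all.
check_host() {
    file=${1:-$MDS_FILE}
    if [ ! -r "$file" ]; then
        echo unknown   # kernel predates the MDS patches, or this is not Linux
        return 2
    fi
    verdict=$(classify_mds "$(cat "$file")")
    echo "$verdict"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample status lines (not captured from a real host).
for s in "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"; do
    printf '%s -> %s\n' "$s" "$(classify_mds "$s")"
done
printf 'this host -> %s\n' "$(check_host)"
```

A `needs-microcode` verdict means the operating system patch is installed but the processor firmware update is not, so the endpoint is still exposed.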

Installing these patches manually on 10 or more endpoints can be both time-consuming and tiring. Patch Manager Plus automates patch deployment to all your endpoints including those running Microsoft, macOS, and Linux. With features to test, approve, and decline patches, and support for over 1,500 third-party applications, Patch Manager Plus makes patching easy.

Download your free, 30-day trial of Patch Manager Plus to get started.