Prompts Intel, Apple, Microsoft, and Google to release patches
A major vulnerability, known as ZombieLoad, has been discovered that affects nearly every Intel processor made since 2011.
According to a new report by security experts, the ZombieLoad flaw allows potential malicious hackers to steal private browsing history, passwords and other information from affected PCs using a software that exploits four bugs in Intel hardware which researchers apparently reported to the processor maker last month.
A “zombie load” is a high amount of data that the processor cannot properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. This load can contain sensitive data from apps and programs, and the flaw allows this information to be accessed.
The ZombieLoad flaw brings to mind the Meltdown and Spectre bugs that plague Intel’s processors. Like Meltdown and Spectre, ZombieLoad is only thought to affect Intel processors, so devices running on AMD or ARM processors (such as smartphones and tablets) shouldn’t be vulnerable.
Release the patches!
While it doesn’t seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft, and Google to release patches to mitigate against the vulnerability.
Apple has released a ZombieLoad patch for macOS Mojave 10.14.5, which applies to every Mac and MacBook released since 2011, which also includes an update for its Safari internet browser.
However, it appears that some Macs may see a 40% fall in performance if all the patches are applied. That’s bound to upset a lot of Mac owners, so let’s hope Apple and Intel work on further mitigations that reduce the impact on performance.
There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.
Meanwhile, Google has also released patches to mitigate against ZombieLoad. While most Android devices run on ARM hardware and won’t be affected, any Android device using Intel hardware will need to apply the patches.
Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied. Google has also advised users of its Chrome web browser to make sure they install updates from their operating system – so Windows users and Mac users make sure you’ve got all the latest updates installed.
As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.
Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed.
According to Mozilla, no action is needed for Windows and Linux users of Firefox.
We’ll be keeping a close eye on ZombieLoad as this story develops. Meltdown and Spectre ended up causing a lot of disruption – and badly damaged Intel’s reputation. Let’s hope ZombieLoad isn’t as problematic.
Hackers steal 7.5TB of data from Russian Intel Agency FSB’s contractorOn Saturday, 13 July 2019, a group of hackers going by the online handle of 0v1ru$ hacked and defaced the official website of SyTech, a high-profile contractor working for Russian intelligence...
Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 DevicesIdentifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector. Vulnerabilities in the way Bluetooth Low Energy is implemented...
Sprint says hackers breached customer accounts via Samsung websiteUS mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website. "On June 22, Sprint was informed of unauthorized access to your...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!