ZombieLoad flaw affects nearly every Intel processor since 2011

May 15, 2019

Prompts Intel, Apple, Microsoft, and Google to release patches

A major vulnerability, known as ZombieLoad, has been discovered that affects nearly every Intel processor made since 2011.

According to a new report by security experts, the ZombieLoad flaw allows potential malicious hackers to steal private browsing history, passwords and other information from affected PCs using a software that exploits four bugs in Intel hardware which researchers apparently reported to the processor maker last month.

A “zombie load” is a high amount of data that the processor cannot properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. This load can contain sensitive data from apps and programs, and the flaw allows this information to be accessed.

The ZombieLoad flaw brings to mind the Meltdown and Spectre bugs that plague Intel’s processors. Like Meltdown and Spectre, ZombieLoad is only thought to affect Intel processors, so devices running on AMD or ARM processors (such as smartphones and tablets) shouldn’t be vulnerable.

Release the patches!

While it doesn’t seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft, and Google to release patches to mitigate against the vulnerability.

Apple has released a ZombieLoad patch for macOS Mojave 10.14.5, which applies to every Mac and MacBook released since 2011, which also includes an update for its Safari internet browser.

However, it appears that some Macs may see a 40% fall in performance if all the patches are applied. That’s bound to upset a lot of Mac owners, so let’s hope Apple and Intel work on further mitigations that reduce the impact on performance.

There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.

Meanwhile, Google has also released patches to mitigate against ZombieLoad. While most Android devices run on ARM hardware and won’t be affected, any Android device using Intel hardware will need to apply the patches.

Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied. Google has also advised users of its Chrome web browser to make sure they install updates from their operating system – so Windows users and Mac users make sure you’ve got all the latest updates installed.

As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.

Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed.

According to Mozilla, no action is needed for Windows and Linux users of Firefox.

We’ll be keeping a close eye on ZombieLoad as this story develops. Meltdown and Spectre ended up causing a lot of disruption – and badly damaged Intel’s reputation. Let’s hope ZombieLoad isn’t as problematic.

Related Articles

EHR Vendor Slapped With HIPAA Fine

EHR Vendor Slapped With HIPAA FineInvestigation Came in Wake of Cyberattack That Affected Millions Federal regulators have smacked a cloud-based electronics health records vendor with a $100,000 HIPAA settlement in the wake of a 2015 cyberattack that affected millions...

‘BlueKeep’ Windows Remote Desktop flaw gets PoC exploits

‘BlueKeep’ Windows Remote Desktop flaw gets PoC exploitsMultiple researchers created proof-of-concept exploits, including remote code execution attacks, targeting the recently patched Windows Remote Desktop flaw called BlueKeep. Microsoft patched a...

Database with millions of Instagram influencers’ info leaked online

Database with millions of Instagram influencers’ info leaked onlineThe leaked database was discovered on Shodan on May 14th. A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Get weekly tech updates and immediate alerts when there is a zero-day or security issue!

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Share This