Story image

ZombieLoad: Another batch of flaws affect Intel chips

16 May 2019

There’s no denying that Intel CPUs are in a large proportion of the world’s modern computers – and Intel is no stranger to being in the firing line when it comes to security flaws.

Following on from the controversy that vulnerabilities dubbed ‘Meltdown’ and ‘Spectre’ could essentially allow attackers to gain access to the computer’s memory systems. Once, in, attackers could steal information from the kernel and cached files, such as passwords, logins and other credentials.

But now there’s a new vulnerability in Intel-powered computers that, if exploited, could allow attackers to ‘leak information data from an area of the memory that hardware safeguards deem off-limits,’ says Bitdefender.

That vulnerability is called ‘ZombieLoad’ and affects all types of Intel chips that have been manufactured since 2011. However, it doesn’t affect AMD and ARM chips as the Meltdown and Spectre vulnerabilities did.

“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system. Additionally, it has an extremely large impact on cloud service providers and multi-tenant environments, as a potentially bad neighbour can leverage this flaw to read data belonging to other users," Bitdefender continues.

“This is a flaw that stems from a hardware design issue, a general fix to plug this vulnerability is impossible and has likely existed in Intel systems for a significant period."

While these vulnerabilities are only proof-of-concepts and haven’t been exploited by attackers (or at least none that vendors know of), the level of skill required to conduct an attack of this type would mean that it’s not likely to become a mass security crisis.

ZombieLoad comprises four vulnerabilities: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS); CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS); CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS); and CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM).

It uses a tactic known as Microarchitectural Data Sampling. Sophos explains in a blog:  

“It is a flaw in Intel processor hardware, meaning that it affects any operating systems running on x86 chips, including Windows. It uses Intel’s speculative execution feature to pilfer other programs’ data.”

Microsoft, Apple and Google have already released patches to do what they can for a fix. Intel has also released a microcode patch for its CPUs. Microsoft notes that the vulnerabilities affect systems including Android, iOS, Linux, and MacOS so customers should look to their device vendors for more information.

“This vulnerability represents a scary reality that’s actually been around for a quite a while – attackers exploiting the identities of machines to obtain sensitive data. Things like code signing keys, TLS digital certificates, SSH keys are all incredibly valuable targets, and chip vulnerabilities like this make it possible for hackers to steal these critical security assets when running on nearby cloud and virtual machines,” comments Venafi’s VP of security strategy and threat intelligence, Kevin Bocek.

“Some security professionals have forgotten about Heartbleed, but this vulnerability proves that we should expect similar attacks in the future. Security teams need to accept that they won’t be able to avoid vulnerabilities like ZombieLoad; instead they need to focus on protecting the keys and certificates attackers are targeting. Properly responding to a chip vulnerability requires complete visibility of where all keys and certificates are located, intelligence on how they are being used and the automation to replace them in seconds, not days or weeks. Security professionals should consider vulnerabilities like ZombieLoad a dress rehearsal for the day quantum computing breaks all machine identities."

Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.