A newly discovered security flaw in Intel processors allows attackers to steal any information that the processor has recently accessed. That is even true in cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.
It is not known if the attack, called ZombieLoad, has been used by malicious hackers. The fault was discovered by researchers at the University of Technology in Graz and was revealed to Intel. Intel has issued a code to patch the failure, although it must be implemented by individual manufacturers and then installed by users before they are all protected.
The flaw affects almost all Intel chips since 2011, according to TechCrunch . Wired reports that Apple and Google have already released updates, while Microsoft announced the availability of updates today. Attackers have to be able to execute code on a machine in order to take advantage of ZombieLoad, so it is not a flaw that everyone is at imminent risk.
ZombieLoad is the latest in a series of serious security flaws that take advantage of a process, known as speculative execution, that is integrated into most modern processors. The feature allows processors to execute future commands in a preventive manner, offering speed increases. But as the researchers first discovered with Specter and Meltdown, that process leaves some huge vulnerabilities for the attackers to slip.
The correction of these vulnerabilities has required patching the processors so that they can slow them down slightly. But solutions do not cut the attack vector completely, speculative execution is an area in which researchers hope to find fault. Specter and Meltdown were the first two, and another was discovered a few months later.
So far, these attacks have not had the horrific effects that researchers have warned. There have been a lot of patches, but the deceleration has been less and there has not yet been a major attack that takes advantage of these flaws. However, that does not mean that those problems will never come, and with years of computers full of chips threatened, it is likely that they will continue to encounter more attacks.