ZombieLoad just won’t die, with Intel forced to push out a third patch

Intel has issued another – third – patch to fix a couple of new variations on the ZombieLoad security flaw which poses a threat to the chip giant’s processors.

ZombieLoad is a speculation execution vulnerability, and more specifically an ‘MDS’ (microarchitectural data sampling) variant. It can be leveraged to exploit flaws in the way Intel’s CPUs handle data, potentially allowing hackers to steal all manner of sensitive information like passwords, browsing history and so forth.

The problem first came to light back in May 2019, whereupon Intel issued an initial patch. The chip giant patched again in November to prevent a further type of attack not covered with that first fix, but now it has emerged that there are two further variants which need action.

Hence this third patch being deployed, and as Wired reports, it addresses this pair of new gremlins, although one of them is more limited in terms of possible exploits.

Known as L1DES (which stands for L1 Data Eviction Sampling – referring to the L1 cache on the CPU), according to the security experts Wired spoke to, it doesn’t affect recent Intel processors – only those sold before Q4 2018. Furthermore, this particular attack can’t be leveraged via a web browser (whereas some MDS variants can, which makes them considerably more dangerous).

Not proactive enough

Those security researchers – a supergroup of them, no less – aren’t happy about the speed at which Intel has moved to fix these vulnerabilities, and the piecemeal approach taken to deploying these various patches, with the company accused of not being proactive enough here.

One of the researchers, Daniel Genkin of the University of Michigan, points out that Intel isn’t combating the source of the security flaws, but merely patching problems as they emerge. In other words, treating the symptoms rather than the root cause which really needs to be addressed.

Genkin observed: “As long as they’re trying to do symptomatic fixes, stuff like this will keep happening.”

In response to the flak fired by these security researchers, Intel told Wired that: “Intel makes every effort to validate PoCs (proof of concepts) as quickly as possible when we receive them,” and that it works “with all the necessary parties and develops well-tested patches that work across the diverse computing environments”.

Intel also said of these latest vulnerabilities that it is “not aware of any use of these issues outside of a controlled lab environment”. In other words, the firm contends that these are flaws which haven’t actually been exploited in the real world.

The problem in determining that, though, as pointed out by another researcher, Herbert Bos of Vrije Universiteit Amsterdam, is that hackers using the technique(s) wouldn’t leave any trace, so we wouldn’t necessarily know about any active exploits in the wild.

Whatever the case, there’s no doubting that ZombieLoad is still very much a living nightmare for Intel, particularly following other high-profile speculation execution vulnerabilities which have affected the company’s chips in the past, such as Meltdown and Spectre.

No comments yet.

Leave a Reply

in development