Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

ZombieLoad attack lets hackers steal data from Intel chips
The Verge ^ | May 14, 2019, 5:11pm EDT | By Jacob Kastrenakes

Posted on 05/14/2019 8:33:43 PM PDT by BenLurkin

A newly discovered security flaw in Intel processors allows attackers to steal any data that’s been recently accessed by the processor. That even holds true on cloud servers, which could allow an attacker to steal information from other virtual machines running on the same PC.

The flaw affects almost every Intel chip since 2011, according to TechCrunch. Wired reports that Apple and Google have already issued updates, while Microsoft announced the availability of updates today. Attackers have to be able to run code on a machine in order to take advantage of ZombieLoad, so this isn’t a flaw everyone is imminently at risk from.

ZombieLoad is the latest in a string of serious security flaws that take advantage of a process, known as speculative execution, that’s built into most modern processors. The feature allows processors to preemptively execute future commands, offering speed increases. But as researchers first discovered with Spectre and Meltdown, that process leaves some gaping vulnerabilities for attackers to slip through.

Fixing those vulnerabilities has required patching processors in ways that can slightly slow them down. But the fixes don’t cut off the attack vector entirely — speculative execution is an area that researchers expect to keep finding flaws. Spectre and Meltdown were the first two, and another was discovered just months later.

(Excerpt) Read more at theverge.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: intel; zombieload

1 posted on 05/14/2019 8:33:43 PM PDT by BenLurkin
[ Post Reply | Private Reply | View Replies]

To: Swordmaker

ping


2 posted on 05/14/2019 10:45:23 PM PDT by Pontiac (The welfare state must fail because it is contrary to human nature and diminishes the human spirit)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pontiac; ThunderSleeps; ShadowAce; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; ...
If you are using the app WhatsApp on an Android or Apple iPhone with an Intel modem, then you may be vulnerable to an Intel exploit that has just been demonstrated which allows a malicious actor to mine your device’s connection to the Internet for your personal activities including possibly passwords, credit card data, etc. WhatsApp, Apple, and Microsoft have already published updates to prevent this from impacting their products. Easiest solution is to update or stop using WhatsApp. When asked what number of phones have been impacted by this exploit, the researcher who discovered it said “a number in the dozens would not be inaccurate”. The original report claimed that a WhatsApp user would have to answer an incoming message and then navigate to a malicious address which then downloaded a malicious payload to the Intel modem, but later reports claim that the authors of the report say that answer and navigating are not necessary, merely receiving a WhatsApp message can successfully infect the Intel Modem. That sounds highly unlikely. . . If so, any signal sent through the modem could have this capability, regardless of the apps on the device. —PING!

pinging ThunderSleeps and Shadow Ace for their Ping lists.


Apple and Android Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

3 posted on 05/15/2019 11:45:22 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 2 | View Replies]

If you have automatic updating turned on on your iPhone or iPad, the update for WhatsApp, you have already been updated to the latest version which supposedly fixes this vulnerability if you have it on your device. For automatic updates to work, you do have to be connected to a WIFI network.


4 posted on 05/15/2019 11:48:12 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Pontiac

Thanks for the ping. . .


5 posted on 05/15/2019 11:48:38 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 2 | View Replies]

This “new” vulnerability has been known for at least a year now.


6 posted on 05/15/2019 1:55:59 PM PDT by Gene Eric (Don't be a statist!)
[ Post Reply | Private Reply | To 3 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson