Intel has announced that all of its chips made since the year 2011 are vulnerable to four new exploits. These exploits are being dubbed as ZombieLoad and affect all computers powered by Intel chips, including Apple’s Macs. The vulnerabilities found in the chips can be exploited to steal sensitive information from the processor. The ZombieLoad bug has been discovered by the same researchers that found Meltdown and Spectre bugs in Intel and ARM chips and they say that these new exploits are similar to the older bugs.
Just like Meltdown and Spectre, the ZombieLoad bugs can be used to extract sensitive information from a processor including passwords, secret keys, account tokens and private messages. The vulnerability is limited to Intel chips only, so ARM and AMD chips are not affected.
TechCrunch explains how the ZombieLoad exploit got its name…
ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.
Good news is Apple has already released patches that fix the ZombieLoad vulnerability on the Macs with macOS 10.14.5. If you are a Mac user with chips made in 2011 or later it is recommended that you install the latest version of macOS on your machines to avoid leaking of sensitive data through these exploits. If you are running an older version of macOS, you can download Apple’s patches for macOS High Sierra and Sierra to protect your computer from ZombieLoad vulnerability.
