قالب وردپرس درنا توس
Home / Technology / ZombieLoad attack affects all Intel CPUs since 2011: What to do now?

ZombieLoad attack affects all Intel CPUs since 2011: What to do now?



Your laptop may be powered by an Intel CPU. In this case, you must upgrade your computer immediately after a number of vulnerabilities have been discovered that allow attackers to steal data directly from your processor.

The so-called ZombieLoad bug and three related security vulnerabilities have been uncovered by some of the same researchers who have focused on the critical Specter and Meltdown errors, and they have many similarities with these errors.

ZombieLoad and its relatives affect all Intel processors manufactured since 2011, ie all MacBooks and the vast majority of Windows PCs, most Linux servers and even many Chromebooks are in the crosshairs. The bugs can even be used on virtual machines in the cloud. However, AMD and ARM chips do not seem to be affected by these latest bugs. Credit: Intel "title =" Credit: Intel "/> Credit: Intel

According to Microarchitectural Data Sampling (MDS), selected 8th and 9th generation CPUs are already protected against the bug, and all future CPUs will include hardware degradation (the researchers who discovered the bugs do not agree with Intel and insist that these chips are still affected.)

"Microarchitectural Data Sampling (MDS) is already being addressed at the hardware level in many of us Intel® Core ™ 8th and 9th generation processors as well as the 2nd generation scalable Intel® Xeon® processor family,

How the attacks work

Like Specter, Meltdown, and a few other deficiencies discovered since then, these four new different attackers e ̵

1; called Zomb ieLoad, Fallout, RIDL, and Store-to-Leak Forwarding – exploit vulnerabilities in a widely-used feature called "speculative execution," which allows a processor to predict what an app or program will need next Improve performance.

The processor speculates or tries to guess what requirements for operations it will receive in the near future (i.e., in the next milliseconds). The processor performs or executes these operations before being requested to save time when the requests are actually made.

The problem is that by performing operations before they are actually needed, the CPUs – the results of these operations – d. H. Store data – in their own temporary memory caches. Specter, Meltdown and these last four errors allow attackers to read this data directly from the processor memory caches in various ways. There is a technical breakdown of the four new attacks.

An alarming proof-of-concept video shows how the ZombieLoad exploit can be run to determine which sites a person views in real time. The vulnerabilities also open the door for attackers to retrieve passwords, confidential documents, and encryption keys directly from a CPU.

"It's like we're treating the CPU as a network of components and basically listening to the traffic between them," said Cristiano Giuffrida, a researcher at Vrije Universiteit Amsterdam, who was part of the teams that formed the MDS Attacks discovered. said Wired. "We hear everything that these components exchange."

 Photo credits: Michael Schartz / Twitter "title =" Photo credit: Michael Schartz / Twitter "/> <span class= Photo credits: Michael Schartz / Twitter

Current Update

There is some good news: Intel, Apple, Google, and Microsoft have already released patches to fix the problem. There are many Linux distribution vendors but you will not be in danger until you have updated all Intel-based devices and their operating systems, which we strongly recommend To get updates on your Mac or to upgrade your Windows 10 PC, follow these steps: 19659002] Intel admitted that the security patches affect CPU performance on consumer devices by up to 3% and on data center computers by up to 9% Disables Hyper-Threading (a method that splits cores to improve performance) in Chrome OS 74 to reduce the environmental problems. However, do not be deterred from manually enforcing the update.

Conclusion

Unfortunately, researchers believe that weaknesses associated with speculative execution will continue to occur in the future. We can only keep our fingers crossed for these mistakes to be rectified quickly. Once you fix these bugs, make sure that all devices have been updated to the latest and most secure versions.


Source link