قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ ZombieLoad Attack Affects All Intel Processors Since 2011: What to Do Now

ZombieLoad Attack Affects All Intel Processors Since 2011: What to Do Now



There is a great chance your laptop will be powered by an Intel processor. If so, then you will need to immediately update your computer after a vulnerability class is detected that allows attackers to steal data directly from your processor. So-called ZombieLoad bugs and three related vulnerabilities were discovered by some of the same researchers who brought Critical Spectre and Meltdown flaws into the spotlight, and shares many similarities with these mistakes.

ZombieLoad and his family are concerned with every 2011 Intel processor, which means that all MacBooks, as well as the majority of Windows PCs, most Linux servers and even many Chromebooks are at a crossroads. The bugs can even be used on virtual machines in the cloud. But AMD and ARM chips do not seem to be affected by these latest flaws.  Credit: Intel "title =" Credit: Intel "/> <span class= Intel, which calls this set of shortcomings of microarchitecture data samples, or MDS, says the selected 8th and 9th Gen CPUs are already defective, and all future processors will include mitigation (The researchers who have found the drawbacks do not agree with Intel and insist that these chips are still affected.)

"Microarchitectural Data Collection (MDS) is already addressed at the hardware level in e have many of our recent eighth and ninth generation processors Intel® Core ™, and the second generation processors Intel® Xeon® Scalable Processor Family ", Intel said in a statement.

Like the Spectre, Meltdown, and several other defects discovered since then, these four new attacks – called Zomb ieLoad, Fallout, RIDL and Forwarding from Store-to-Leak Forwarding – use weaknesses in the widely-used feature , called "speculative performance," which is used to help the processor predict what an application or program will need to improve performance.

The processor speculates or tries to guess which requests for operations will be received in the near future (ie the next few milliseconds). The processor performs or performs these operations before being requested to save time when requests are actually made.

The problem is that by performing operations before they are actually needed, the processors put the results of these operations – that is, the data – into their own short-term cache. In different ways Spectre, Meltdown and these last four flaws allow attackers to read this data directly from the cache of the processor. Here is a technical breakdown of the four new attacks.

A proof-of-concept video clip shows how ZombieLoad exploitation can be performed to see which websites look at a person in real time. Vulnerabilities also open the door for attackers to take passwords, sensitive documents, and encryption keys directly from the processor.

"We seem to treat the CPU as a network of components, and we mainly listen to trafficking between them," Cristiano Jufrida, a researcher at Vrije Universiteit Amsterdam, who was part of the teams, discovered MDS attacks, "Wired said. "We hear something that exchanges these components."  Credit: Michael Scharz / Twitter "<span class= There are some good news: Intel, Apple, Google and Microsoft have already released patches to fix There are many Linux distributors, but you do not. you are at risk until you update all of your Intel-based devices and their operating systems that we strongly recommend to do immediately for updates on your Mac or follow these Update to your Windows 10 PC

Intel admitted that security patches will affect CPU performance up to 3% on consumer devices and up to 9% on data center machines and Google deactivates the hyper-thread (method which splits the kernels to increase productivity) in Chrome OS 74 to mitigate security risks. But do not let this dissuade you from manually applying the update. We can only cross our fingers that these shortcomings quickly become patchy, but once they get up, you have to make sure that all your devices are updated to the latest, most secure versions
Source link