Researchers have found another security flaw in the Intel processor chips that power most of the world’s computers, one that can compromise users’ private data – and that can’t be fixed without a major performance drop.
The exploit, dubbed ZombieLoad, is embedded in Intel’s processor chips themselves, meaning even the best-designed software patches can only go part of the way toward plugging the hole without reducing the chips’ performance. The vulnerability may allow attackers to ‘resurrect’ critical data processed by the chip – from browser history and passwords to disk encryption keys and other system-level sensitive data.
Its reach isn’t even limited to the end-user’s computer, according to researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss from Graz University of Technology and Jo Van Bulck from KU Leuven: it “can also be exploited in the cloud.”
Intel claims there is no evidence Zombieload was exploited by real-world actors, but as the researchers explain, because it’s a hardware vulnerability, attackers who use it may not leave the traces of outside interference found with typical software exploits. It’s also ‘unlikely’ such activity would be caught by an anti-virus program, though secondary attacks that use it to invade a user’s system might set off alarms.
Intel has reportedly addressed the problem “at the hardware level” in its newest processors, while releasing microcode and software updates to patch older chips. Apple, Microsoft, Google, and Mozilla have all issued their own patches, but some users might have to brace for as much as a 40 percent reduction in performance.