Intel Corporation has revealed a rather serious but difficult to exploit security vulnerability. The most concerning aspect about the security flaw is that it is embedded in the processor architecture. Fortunately, the bug is rather difficult to exploit with commonly available hardware and resources. Nonetheless, millions of PCs running on Intel processors dating back to 2011 are currently vulnerable.
Intel has announced yet another security flaw which, unfortunately, cannot be fixed permanently with Over The Air (OTA) updates or BIOS flash. The bug is right along the lines of ‘Spectre’ and ‘Meltdown’, two hereto unseen security flaws discovered last year. These flaws theoretically allowed hackers to completely bypass traditional hardware security barriers. By leapfrogging over the seemingly impenetrable security, nefarious agents could potentially gain access to data once believed to be securely held. Essentially, sensitive data could be picked up right from the hardware while it was being accessed or written.
What is even more concerning is that the latest flaw, increasingly being referred to as ‘ZombieLoad’, which is at the CPU-level, could potentially compromise data that is stored on remote servers. This is because ZombieLoad can be triggered in virtual machines. These emulated mini-computers were supposed to be isolated from other virtual systems and their host device.
The bug allows hackers to effectively exploit design flaws. Hackers need not work on injecting malicious code. Intel has indicated that ZombieLoad consists of four individual bugs that can be collectively exploited. The flaw is deeply embedded within the architecture of computer hardware. The CPU maker has assured that it has yet to find any evidence of anyone exploiting it outside of a research laboratory.
While Intel’s 2011 and later CPUs are vulnerable, the company has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Moreover, Intel has been reportedly working with leading tech companies like Google, Microsoft, and Apple. These companies have released patches to mitigate the risk. Other companies are expected to follow. Although the end-user may not feel it, the patches could bring down the CPU performance from anywhere between 3 and 9 percent.