ZombieLoad Attacks May Affect All Intel CPUs Since 2011 What to Do

first_imgUpdate 5:42 pm ET: Apple posted a support page with instructions on how to disable hyper-threading to fully protect your Mac from ZombieLoad, but warned that doing so could decrease performance by up to 40%. For more information, read our guide on how to disable the feature.  There’s a good chance your laptop is powered by an Intel CPU. If so, then you’ll need to update your computer immediately, after a class of vulnerabilities was discovered that allows attackers to steal data directly from your processor. The so-called ZombieLoad bug and three related vulnerabilities were unearthed by some of the same researchers who brought the critical Spectre and Meltdown flaws into the spotlight, and it shares many similarities to those bugs. MacBook Air vs MacBook Pro: Which 13-inch MacBook Is Right For You?Apple’s entry-level MacBook Air and Pro look pretty similar, but our testing proved they differ in crucial ways.Your Recommended PlaylistVolume 0%Press shift question mark to access a list of keyboard shortcutsKeyboard Shortcutsplay/pauseincrease volumedecrease volumeseek forwardsseek backwardstoggle captionstoggle fullscreenmute/unmuteseek to %SPACE↑↓→←cfm0-9接下来播放Which Cheap Tablet Is Best? Amazon Fire 7 vs Walmart Onn02:45关闭选项Automated Captions – en-USAutomated Captions – en-USAutomated Captions – en-US facebook twitter 发邮件 reddit 链接https://www.laptopmag.com/articles/zombieload-attack-intel-what-to-do?jwsource=cl已复制直播00:0003:4603:46 ZombieLoad and its kin affect every Intel processor made since 2011, which means all MacBooks, a large majority of Windows PCs, most Linux servers and even many Chromebooks are in the crosshairs. The bugs can even be used on virtual machines in the cloud.  But AMD and ARM chips do not appear to be affected by these latest flaws.Credit: IntelIntel, which calls this set of flaws Microarchitectural Data Sampling, or MDS, says select 8th Gen and 9th Gen CPUs are already protected against the flaw, and that all future CPUs will include hardware mitigation. (The researchers who discovered the flaws disagree with Intel and insist those chips are still affected.) “Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable Processor Family,” Intel said in an official statement.  How the Attacks WorkLike Spectre, Meltdown and several other flaws discovered since, these four new distinct attacks — called ZombieLoad, Fallout, RIDL and Store-to-Leak Forwarding — exploit weaknesses in a widely used feature called “speculative execution,” which is used to help a processor predict what an app or program will need next in order to improve performance. The processor speculates, or tries to guess, which requests for operations it will receive in the near future (i.e, the next few milliseconds). The processor carries out, or executes, those operations before they are requested in order to save time when the requests are actually made. The problem is that by carrying out operations before they are actually needed, the CPUs put the results of those operations — i.e., data — in their own short-term memory caches. In various ways, Spectre, Meltdown and these latest four flaws all permit attackers to read that data directly from the processor memory caches. There’s a technical breakdown of the four new attacks here.An alarming proof-of-concept video shows how the ZombieLoad exploit can be executed to see which websites a person is viewing in real time. The vulnerabilities also open the door for attackers to nab passwords, sensitive documents and encryption keys directly from a CPU. “It’s kind of like we treat the CPU as a network of components, and we basically eavesdrop on the traffic between them,” Cristiano Giuffrida, a researcher at Vrije Universiteit Amsterdam who was part of the teams that discovered the MDS attacks, told Wired. “We hear anything that these components exchange.”Credit: Michael Schwartz/TwitterUpdate Right NowThere is some good news. Intel, Apple, Google and Microsoft have already issued patches to fix the flaws. So have many makers of Linux distributions. But you’re not out of danger until you’ve updated all of your Intel-based devices and their operating systems, which we strongly recommend doing right away. Read our guide on how to check for updates on your Mac or follow these steps to update your Windows 10 PC.Intel admitted that the most recent security patches will impact CPU performance by up to 3% on consumer devices and up to 9% on data-center machines, and Google is disabling hyper-threading (a method that splits cores to increase performance) in Chrome OS 74 to mitigate the security risks. But don’t let that dissuade you from manually forcing the update.Apple posted a support page explaining that the only way to fully mitigate the flaw is to disable hyper-threading, but that by doing so, you risk decreasing system performance by a staggering 40%, according to internal testing. Most people won’t need to take such extreme measures to protect their computers, but certain at-risk users, like government employees and business executives, might want want to take the precaution. If you fall into these groups or want extra reassurance, read our guide on how to disable hyper-threading on macOS (for Mojave, High Sierra and Sierra).    Bottom LineUnfortunately, researchers believe that vulnerabilities related to speculative execution will continue to surface far into the future. We can only cross our fingers that these flaws are quickly patched, but once they are, it’s up to you to make sure your devices have all been updated to the latest, most secure versions.Meltdown and Spectre: How to Protect Your PC, Mac and PhoneWhat Is a TPM? How This Chip Can Protect Your Data9 Tips to Stay Safe on Public Wi-Fi Phillip Tracy, Author Bio Phillip Tracy, center_img by Taboolaby TaboolaSponsored LinksSponsored LinksPromoted LinksPromoted LinksYou May LikeComputerWorldBrandPost: Influencers Weigh in on How to Balance IT, End-User Technology NeedsComputerWorldUndoVerizon WirelessThis new phone will blow your mind.Verizon WirelessUndoTODAYPolice Identify Girl Licking Ice Cream Tub In Viral VideoTODAYUndo247 SportsThese Redesigned NFL Helmets Are Better Than the Real Thing247 SportsUndoRealtor.comJeffrey Epstein’s $56 Million Mansion Could Become a Real-Estate NightmareRealtor.comUndoCBS NewsMet Gala 2019: Red Carpet Looks From The Annual FundraiserCBS NewsUndoAdvertisement Phillip Tracy is a senior writer at Tom’s Guide and Laptop Mag, where he reviews laptops and covers the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News and NewBay Media. When he’s not tinkering with devices, you can find Phillip playing video games, reading, listening to indie music or watching soccer.last_img