What Is “ZombieLoad” And How Can I Protect Myself From It?
The recent announcement of critical flaws in CPUs produced by Intel known as “ZombieLoad” has disrupted the computing world. “ZombieLoad” is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. "ZombieLoad" is made up of four bugs, which the researchers reported to Intel about a month ago.
Although there is no evidence that “ZombieLoad” has yet been exploited to steal data, the vulnerability could result in attackers gaining access to sensitive information in memory. Therefore it is advised that systems be patched as soon as possible to mitigate this type of attack.
- Apple has released patches on 5/13/2019 that address "ZombieLoad" and details on those patches can be found here: https://support.apple.com/en-us/HT210107. WinMagic has tested this mitigation against the most recent version of SecureDoc which is 8.3 SR1 and found no issues.
- Microsoft is releasing patches via Windows Update to address "ZombieLoad" and similar attacks. Microsoft’s has also provided guidance on these type of attacks here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013. WinMagic has tested these mitigations against the most recent version of SecureDoc which is 8.3 SR1 and found no issues with either our endpoint product or Windows instances using our CloudVM product.
- WinMagic is monitoring developments in the Linux community, and will assess and advise as available.
Reference Info:
For more information regarding this vulnerability, you can refer to this site for additional details: https://zombieloadattack.com/
Please Note: This article will be updated a new information becomes available.