Boffins say even latest chips can be twisted into leaking data between processor cores
Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability.
The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into Chipzilla's processor line than previously thought.
The ZombieLoad hole can be exploited by malware running on a vulnerable machine, or a rogue logged-in user, to snoop on processor cores and extract sensitive information from memory that should be out of bounds. In practice, this would potentially allow an attacker already on the system to lift passwords, keys, and the like from other running software.
When the bug was publicly disclosed earlier this year, Intel said its latest chips – its 8th and 9th generation Core and second-generation Xeon Scalable microprocessors – were not vulnerable to this so-called Microarchitectural Data Sampling (MDS) info leak.
That, the researchers say, is no longer the case. A previously unreported ZombieLoad eavesdropping technique will work even on fully up-to-date processors that feature Intel's Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA) mechanism – even on Meltdown and Foreshadow-resistant silicon.
The crew of Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss will t ..
Support the originator by clicking the read the rest link below.
