Millions of computers affected by Intel chip flaw

May 15, 2019
The bugs allow hacking on personal computers and the cloud

Millions of computers have been affected by a new vulnerability on almost every Intel chip since 2011, allowing hackers to steal sensitive information directly from the processor.

The bugs, called ZombieLoad, can be exploited on personal computers and in the cloud, researchers say.

It is a side-channel attack on Intel chips, allowing hackers to exploit design flaws rather than injecting malicious code.

ZombieLoad is similar to Meltdown and Spectre, two bugs in 2018 that allowed critical information stored deep inside computer systems to be exposed.

Both bugs leaked sensitive data stored briefly in the processor, including passwords, secret keys and account tokens, and private messages.

Although no attacks exploiting the ZombieLoad bugs have been publicly reported, the researchers could not rule them out, because they say an attack would not necessarily leave a trace.

But to stop future attacks, Intel is applying patches to the microcode that will help to clear the processor’s buffers, preventing data from being read.

Speaking to website TechCrunch, Intel said that the microcode updates would affect processor performance.

It said most patched devices would lose up to a 3 per cent in performance. Data centres would lose as much as 9 per cent.

But a spokesman said the lapse in performance was unlikely to be noticeable in most cases.

Apple, Microsoft and Google have also released security patches, with other companies expected to follow.