Vulnerabilities also extend to the cloud; supposedly isolated virtual machines (VMs) could read data from another- posing significant rusk to environments where multiple customers' VMs are on the same server.
Both bugs leaked sensitive data stored briefly in the processor, including passwords, secret keys and account tokens, and private messages.
While it doesn't seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft and Google to release patches to mitigate against the vulnerability.
Security researchers and Intel have recently disclosed a security vulnerability that has a major impact on a huge number of processors that Intel has released since 2011.
Those who warned that the Meltdown and Spectre computer chip flaws revealed past year would trigger a new era of hardware vulnerability discovery were on to something. Researchers say it's hard or impossible to tell because, unlike most other kinds of hacking, exploitation of these flaws may not leave any traces.
'Even if home users used their browsers to visit a website with an advert or other content with a malware Java programme, the hacker could still steal information, ' the researchers say.Читайте также: Trump's tariffs could make your next iPhone way more expensive
In a message to Gizmodo, an Intel spokesperson said that MDS "is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family".
"This flaw is particularly risky for Intel-based public clouds running untrusted workloads in shared-tenancy environments, "Red Hat warns in a security alert".
"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack", the researchers say in a Tuesday blog post.
The researchers who discovered the vulnerabilities published this proof-of-concept demonstration showing how an unprivileged attacker - who has the ability to execute code on a system - can reconstruct URLs being visited in Firefox.
Security researchers have revealed the Zombieload Attack to the public.
Taken together, the three exploits against four vulnerabilities cover processors dating back to 2008. However, it said, that the influence on many PC owners should be minimum.
Intel told Wired that its own researchers discovered the MDS vulnerabilities previous year.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2019 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог