Prompts Intel, Apple, Microsoft, and Google to release patches
A major vulnerability, known as ZombieLoad, has been discovered that affects nearly every Intel processor made since 2011.
According to a new report by security experts, the ZombieLoad flaw allows potential malicious hackers to steal private browsing history, passwords and other information from affected PCs using a software that exploits four bugs in Intel hardware which researchers apparently reported to the processor maker last month.
A “zombie load” is a high amount of data that the processor cannot properly handle, which causes the processor to use elements of its microcode to prevent the whole PC crashing. This load can contain sensitive data from apps and programs, and the flaw allows this information to be accessed.
The ZombieLoad flaw brings to mind the Meltdown and Spectre bugs that plague Intel’s processors. Like Meltdown and Spectre, ZombieLoad is only thought to affect Intel processors, so devices running on AMD or ARM processors (such as smartphones and tablets) shouldn’t be vulnerable.
Release the patches!
While it doesn’t seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft, and Google to release patches to mitigate against the vulnerability.
Apple has released a ZombieLoad patch for macOS Mojave 10.14.5, which applies to every Mac and MacBook released since 2011, which also includes an update for its Safari internet browser.
However, it appears that some Macs may see a 40% fall in performance if all the patches are applied. That’s bound to upset a lot of Mac owners, so let’s hope Apple and Intel work on further mitigations that reduce the impact on performance.
There will also be a security update for Macs running macOS Sierra and macOS High Sierra as well. iPhones and iPads are not affected.
Meanwhile, Google has also released patches to mitigate against ZombieLoad. While most Android devices run on ARM hardware and won’t be affected, any Android device using Intel hardware will need to apply the patches.
Chromebooks and Chrome OS devices will have already had the ZombieLoad patches applied. Google has also advised users of its Chrome web browser to make sure they install updates from their operating system – so Windows users and Mac users make sure you’ve got all the latest updates installed.
As we reported earlier, Microsoft has revealed that Windows 7 and XP are vulnerable to ZombieLoad, and it has released patches for all its operating systems which can be installed via Windows Update or from the Microsoft Support website.
Mozilla has also said that it is working on a long-term fix for its Firefox web browser for macOS, and Firefox Beta and Firefox Nightly versions have the patch already installed.
According to Mozilla, no action is needed for Windows and Linux users of Firefox.
We’ll be keeping a close eye on ZombieLoad as this story develops. Meltdown and Spectre ended up causing a lot of disruption – and badly damaged Intel’s reputation. Let’s hope ZombieLoad isn’t as problematic.
Code Execution Vulnerability Identified in Change Healthcare Cardiology DevicesA vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated...
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most Targeted
29% of Small Businesses Spend Less Than $1,000 on IT Security Annually and Why They Are The Most TargetedThe digital and network footprint of small businesses is continually growing. Online commerce, social media, remote workers, and cloud-based IT infrastructure are...
What Other Companies Can Learn from Facebook’s $5 Billion Fine and Why Privacy MattersWhile Facebook’s $5 billion settlement stands as the largest fine in the history of the Federal Trade Commission (FTC), one must take into consideration that not every company is...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!