Those who warned that the Meltdown and Spectre computer chip flaws revealed past year would trigger a new era of hardware vulnerability discovery were on to something. Intel says it could let attackers see leaked data but it's hard to exploit outside of a laboratory.
Researchers have found another security flaw in the Intel processor chips that power most of the world's computers, one that can compromise users' private data - and that can't be fixed without a major performance drop. And while the set of four attacks all operate in a similar manner to Meltdown and Spectre, these new MDS attacks (ZombieLoad, Fallout, and RIDL) appear to be easier to execute.
Each variant of the attack can be used as a gateway into viewing raw data that passes through a processor's cache before it is tossed discarded through the speculative execution process.
ZombieLoad was discovered by the same researchers who uncovered the notorious Spectre and Meltdown vulnerabilities in 2017, a finding which shook the computer world's sense of security to its core.
The flaws were unearthed by a supergroup of security researchers hailing from places and companies such as Graz University of Technology, Bitdefender and Oracle.
And the cloud is also vulnerable.
While it doesn't seem like ZombieLoad has been used by malicious hackers to steal information yet, the severity of the threat has caused companies such as Apple, Microsoft and Google to release patches to mitigate against the vulnerability.
Following the publishing of independent research into Zombieload, Intel also published its own overview, detailing its efforts for mitigation, the performance impact involved and encouraging Intel CPU users to update their systems.
While fixes may be starting to become available, it will take time for them to be applied to PCs and servers affected by the four variants. The vulnerabilities also open the door for attackers to nab passwords, sensitive documents and encryption keys directly from a CPU.
This post may contain affiliate links.
In many cases, those barriers are located at the level of central processing unit, or CPU - hardware that has traditionally seen little attention from hackers.