In 2018 two major security flaws, dubbed Spectre and Meltdown, appeared on the scene. Now a third processor security hole, ZombieLoad, is joining these to create a triple threat. ZombieLoad, Spectre, and Meltdown are security holes in the processors of many, many personal computers as well as servers, including those in the cloud.
These flaws are specific to Intel processors, and while you may think that you don’t have an Intel processor in your computer, the odds are very good that you do. According to Intel, approximately 80% of the world’s personal computers have Intel processors. So yes, you need to be concerned about this.
People with Apple products are particularly likely to think that something that affects Intel processor chips doesn’t affect them, as they are more likely to associate Intel with Windows. But they would be wrong.
Macs have Intel Inside Too
We first wrote about the Spectre speculative execution flaw in January of last year. So you would think that places – especially places that lease servers, and that host cloud services – would have dealt with that long ago.
But that is apparently not the case. As recently as just yesterday, July 31, 2019, one major service provider sent out this notice:
“Previously, you received communication from us regarding an update and reboot(s) to your Cloud server(s) necessary to address two high-profile security vulnerabilities that have come to be known as “Zombie Load”, “Meltdown” and “Spectre”.
We are reaching out to inform you that we will be applying additional patches related to the latest variations identified in these vulnerabilities. As a reminder, these vulnerabilities affect nearly every modern server and desktop computer. We will be patching and rebooting all of our Cloud infrastructure and have scheduled the following maintenance window:
Friday, August 16th, 11pm – 7am ET
As before, these vulnerabilities require immediate attention. [Name of service provider omitted] takes these threats very seriously as they pose a risk of secure information being accessed by rogue programs and hackers. We are working aggressively with all of our hardware and software vendors to remediate exposure and protect your servers in the least impactful manner possible. Please be aware that resizing your server between now and the reboot period will move your instance to different infrastructure, and may result in a different maintenance window.
For servers running a Linux-based operating system, we will apply patches and automatically reboot your server(s) during the maintenance window.
For servers running a Windows-based operating system that have automatic Windows Updates enabled, your server(s) will be patched and rebooted according to the normal Windows Update schedule. If you have opted to manage your own Windows Update schedule, please ensure you have installed all available updates and rebooted.
This is a critical concern for all servers; therefore, we will schedule reboot windows for our customers using dedicated servers in the coming days as well. As always, security of your servers is of utmost importance to us here at [name of service provider omitted]. We have a dedicated team of security and server engineers working 24×7 to apply the patches and address this critical vulnerability.”
What do ZombieLoad, Meltdown and Spectre do?
ZombieLoad, Meltdown, and Spectre were first brought to widespread attention by, among others, researchers at the Graz University of Technology, in Austria. In fact, GUT has put up websites specific to ZombieLoad and to Meltdown and Spectre.
Basically, each of these security flaws allows an attacker to extract data from your computer.
Of ZombieLoad, the good folks at GUT explain that “Your processor resurrects your private browsing-history and other sensitive data… The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”
They add “The attack does not only work on personal computers but can also be exploited in the cloud.”
They even provide a virtualized demo of someone taking advantage of the ZombieLoad security hole. You can see that demo here, and note that the attacker is successful even though the user is using the Tor browser and within a virtual machine!
Meltdown and Spectre
Put as basically as possible, Meltdown allows access to your computer’s memory, while Spectre allows access to various programs by exploiting the speculative execution function of the processor. You can read more about the latter in our own article, Do I Have to Worry About the Spectre Intel Chip Security Flaw? And What is Speculative Execution?
What You Need to Do to Secure Your Computer against ZombieLoad, Meltdown, and Spectre
Windows users should go to the Microsoft Windows Security Help page and follow instructions for their version of Windows.
OS X users can read about the most recent security updates here. To actually apply any updates, however, you need to open the App Store app on your Mac; it will let you know if there are any updates and prompt you to install them.
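For the Linux servers mentioned in the provider's notice, the kernel reports its own view of each flaw, so you can confirm after the patch-and-reboot window that the mitigations are active. The script below is an added example, not from the original article or the provider; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities (where ZombieLoad falls under the entry named mds), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's own CPU-vulnerability report.
# Assumption: the kernel exposes one status file per issue in the sysfs
# directory below. Function and variable names are illustrative.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE
# Prints one verdict: ok, smt-risk, vulnerable or unknown.
classify_status() {
    case "$1" in
        "Not affected"*)              echo ok ;;
        # Mitigated, but sibling hyper-threads can still leak to each other.
        Mitigation*"SMT vulnerable"*) echo smt-risk ;;
        Mitigation*)                  echo ok ;;
        Vulnerable*)                  echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Prints "<name> <verdict>" for Meltdown, both Spectre variants and MDS
# (the class that includes ZombieLoad). Returns 1 unless every entry is ok.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2 mds; do
        if [ -r "$dir/$name" ]; then
            verdict=$(classify_status "$(cat "$dir/$name")")
        else
            # No file: this kernel predates reporting for the issue,
            # which usually means the kernel update was not applied.
            verdict=unreported
        fi
        echo "$name $verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Usage: check_cpu_vulns            (reads the live sysfs directory)
#        check_cpu_vulns /some/dir  (reads constructed sample files)
```

A verdict of smt-risk or unreported after the maintenance window is worth raising with whoever manages the server.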