Intel’s new Cascade Lake processors vulnerable to new Zombieload attack
New Cascade lake chips vulnerable to new Zombieload attack
Intel to issue a microcode update to address the vulnerability
The new vulnerability was uncovered by the same team that found Spectre and Meltdown
Intel’s string of bad luck seems to keep going, now in the form of a new vulnerability. Security researchers have discovered a new variant of the Zombieload attack that was uncovered earlier this year. The new vulnerability affects all processors in the Cascade Lake family.
The new vulnerability was uncovered by the same team that found Spectre and Meltdown, two flaws that dealt a lot of damage to Intel’s reputation. The exploit named Zombieload could potentially allow an attacker to steal sensitive information from memory. According to TechCrunch,
“Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips. The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.”
The list of processors impacted by the new Zombieload attack includes the newly announced Intel Extreme processors such as the Intel Core i9-10900X, all the way up to Core i9-10980XE. The new Xeon processors are affected as well, including the recently announced Intel Xeon W-2200 series. Intel has said that they will be releasing a microcode update for the CPUs as part of its Patch Tuesday.
Earlier when the original Zombieload vulnerability was discovered, Intel had said that they would be making changes to Cascade Lake in ways where the exploit would not work. Intel did live up to its words, but the new version of Zombieload renders Intel’s changes moot. You can read the entire whitepaper on the Zombieload website.
Digit NewsDesk
Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile