Intel Zombieload vulnerability: Here's how it works and how you can protect yourself

By Mithun Mohandas | Updated 16 May 2019
Intel Zombieload vulnerability: Here's how it works and how you can protect yourself

Zombieload, that's what security researchers are calling the latest vulnerability to affect Intel processors up until their latest CPUs. It's a side channel exploit that allows attackers access to sensitive data purely by taking advantage of the vulnerability rather than having to push a payload onto the target system. As with Meltdown and Spectre, Zombieload comprises of four individual bugs. Almost all Intel CPUs since 2011 are believed to be affected. AMD and ARM processors are not vulnerable, so far.


How does Zombieload work?

The way Zombieload works is by pushing a significant amount of data which the processor can't process. This results in the processor having to rely on the microcode to decipher this zombie load and in doing so, applications that are currently residing on the CPU cache can access another application's data. As per security conventions, each application is only allowed access to its own data. This vulnerability, when exploited, allows access to everything that's currently stored in the CPU CACHE.

In a video, the security researchers that discovered the bug showcased how they could see which websites were being viewed on the target computer, in real time. Since the exploit gives access to everything in the target processor's cache, even passwords and other sensitive data can be easily accessed.


The researchers had informed Intel about the vulnerability last month to allow them sufficient time to patch it. Zombieload was discovered by a group of security researchers including Michael Schwarz, Moritz Lipp, Daniel Gruss (Graz University of Technology), and Jo Van Bulck (imec-DistriNet, KU Leuven).

Are you safe?

Practically all Intel CPUs including the server-grade Intel Xeon and the consumer-grade Intel Broadwell, Sandy Bridge, Skylake and Haswell chips are affected. The more recent Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected. Also, all Atom and Knights processors are included in the list of vulnerable CPUs.


Since consumer and server grade processors are affected, Zombieload can be exploited to gain access to your data stored on your personal PCs as well as your data stored on cloud services.

A proof of concept Zombieload exploit code has been released to the public via Github.

How do you protect yourself?

Update. Intel has already worked with major hardware and software companies to push a microcode update. If you're on Windows or Linux, you should have received an update with the new security patch.


As for cloud services, all major cloud service providers including Google, Apple and Microsoft have already deployed the security updates to protect the affected processors.

Does the  Zombieload patch affect performance?

Like Spectre and Meltdown, when Zombieload is patched there will be a performance impact. On consumer PCs, this will be about 3% and on server PCs the impact will be about 9%.

Mithun Mohandas
While not dishing out lethal doses of sarcasm, this curious creature can often be found tinkering with tech, playing vidya' games or exploring the darkest corners of the Internets. #PCMasterRace

Recent Questions

Intel i5 and 16GB of RAM or i7 and 8GB RAM?
Hanut Pandey
Oct 22, 2014
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment