Intel's new Cascade Lake processors vulnerable to new Zombieload attack

By Digit NewsDesk | Published on Nov 14 2019
Intel's new Cascade Lake processors vulnerable to new Zombieload attack

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

HIGHLIGHTS

New Cascade lake chips vulnerable to new Zombieload attack

Intel to issue a microcode update to address the vulnerability

The new vulnerability was uncovered by the same team that found Spectre and Meltdown

Intel’s string of bad luck seems to keep going, now in the form of a new vulnerability. Security researchers have discovered a new variant of the Zombieload attack that was uncovered earlier this year. The new vulnerability affects all processors in the Cascade Lake family.

The new vulnerability was uncovered by the same team that found Spectre and Meltdown, two flaws that dealt a lot of damage to Intel’s reputation. The exploit named Zombieload could potentially allow an attacker to steal sensitive information from memory. According to TechCrunch,

“Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips. The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.”

The list of processors impacted by the new Zombieload attack includes the newly announced Intel Extreme processors such as the Intel Core i9-10900X, all the way up to Core i9-10980XE. The new Xeon processors are affected as well, including the recently announced Intel Xeon W-2200 series. Intel has said that they will be releasing a microcode update for the CPUs as part of its Patch Tuesday.

Earlier when the original Zombieload vulnerability was discovered, Intel had said that they would be making changes to Cascade Lake in ways where the exploit would not work. Intel did live up to its words, but the new version of Zombieload renders Intel’s changes moot. You can read the entire whitepaper on the Zombieload website.

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.