Another day, another disclosure of a new side-channel exploit affecting modern PC processors. This time around, we're talking about ZombieLoad, which takes advantage of vulnerabilities specific to Intel processors.
At its heart, ZombieLoad is reminiscent of Meltdown, Spectre and Foreshadow, which we have all covered in great detail over the past year. More specifically, ZombieLoad takes advantage of a processor's fill-buffer logic. Digging into the white paper, we see that the researchers behind the exploit were able to extract secure keys from Intel's own architectural quoting enclave, which in effect broke the confidentiality of SGX (Software Guard Extensions). In addition, the researchers found that ZombieLoad could not only be used to compromise native code, but also extend into virtualized environments.
"ZombieLoad is a transient-execution attack which observes the values of memory loads on the current physical CPU," write the researchers. "ZombieLoad exploits that the fill buffer is accessible by all logical CPUs of a physical CPU core and that it does not distinguish between processes or privilege levels.
"We show that ZombieLoad is an even more powerful attack when combined with existing techniques known from traditional side-channel attacks."
According to the researchers, nearly all of Intel's current and back catalog of processors dating back to 2011 is affected by ZombieLoad, which is indeed troubling. On the positive side, at this time it does not appear that AMD processors or ARM-based processors are vulnerable to the exploit.
The researchers who identified ZombieLoad include some of the same people involved with the initial work behind Spectre and Meltdown, and they were joined by team members from Bitdefender. Thankfully, these researchers have been working hand-in-hand with Intel and major software vendors to combat future ZombieLoad attacks. For its part, Intel issued the following statement with respect to ZombieLoad:
Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We've provided more information on our website and continue to encourage everyone to keep their systems up to date, as it's one of the best ways to stay protected. We'd like to extend our thanks to the researchers who worked with us and our industry partners for their contributions to the coordinated disclosure of these issues.
Apple has fully patched against ZombieLoad with the release of macOS Mojave 10.14.5, which went out to customers yesterday. Apple will also address the exploit on macOS Sierra and macOS High Sierra. While Android devices running ARM processors aren't affected, Google is asking customers with Intel-based Android devices to reach out to their hardware manufacturer for updates. Chrome OS has protections in place at this time to combat ZombieLoad. As for Microsoft, Patch Tuesday updates available today address ZombieLoad.
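Because Intel's fix depends on a microcode update plus a matching OS update, an administrator needs a way to confirm both actually landed. The script below is an added defender-side example, not code from the article, the researchers or Intel: it parses the MDS status line that a patched Linux kernel exposes in sysfs and checks for the MD_CLEAR CPUID flag that the microcode update adds, then flags the case the shared fill buffer creates, namely a mitigated kernel whose sibling hyperthreads still share the buffer. The sysfs path, the /proc/cpuinfo path, the status strings and the sample inputs are assumptions about Linux and constructed data, not taken from the page.

```python
from pathlib import Path

SYSFS_MDS = Path("/sys/devices/system/cpu/vulnerabilities/mds")  # assumed Linux sysfs path
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample inputs, used when the real files are absent (non-Linux host, container).
SAMPLE_MDS = "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 ssse3 avx2\n"

def parse_mds_status(status: str) -> dict:
    """Split the kernel's one-line MDS status into mitigation state and SMT state."""
    head, _, smt = status.strip().partition(";")
    head, smt = head.strip(), smt.strip()
    if head == "Not affected":
        state = "not_affected"
    elif head.startswith("Mitigation:"):
        state = "mitigated"
    elif head.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    # "no microcode" means the kernel issues VERW but the CPU does not advertise MD_CLEAR.
    smt_state = smt[3:].strip().lower() if smt.startswith("SMT") else "n/a"
    return {"state": state, "microcode_missing": "no microcode" in head, "smt": smt_state}

def has_md_clear(cpuinfo_text: str) -> bool:
    """True if the CPU advertises md_clear, the flag delivered by the MDS microcode update."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "md_clear" in line.split(":", 1)[1].split()
    return False

def assess(mds_status: str, cpuinfo_text: str) -> str:
    """Turn the raw kernel status into the verdict an operator needs."""
    s = parse_mds_status(mds_status)
    if s["state"] == "not_affected":
        return "not affected (hardware-level fix)"
    if s["state"] == "mitigated":
        # Fill buffers are shared by sibling hyperthreads, so buffer clearing alone does not
        # protect against a sibling thread; the kernel reports that as "SMT vulnerable".
        return "mitigated; SMT sibling leakage possible" if s["smt"] == "vulnerable" else "mitigated"
    if s["state"] == "vulnerable":
        if s["microcode_missing"] or not has_md_clear(cpuinfo_text):
            return "vulnerable: kernel is ready, microcode update missing"
        return "vulnerable: kernel mitigation missing or disabled"
    return "unknown status: " + mds_status.strip()

if __name__ == "__main__":
    mds = SYSFS_MDS.read_text() if SYSFS_MDS.exists() else SAMPLE_MDS
    cpu = CPUINFO.read_text() if CPUINFO.exists() else SAMPLE_CPUINFO
    print(assess(mds, cpu))
```

On a host that reports "SMT vulnerable", the remaining exposure is between workloads that share a physical core, which is the hypervisor-level concern the researchers raise.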