[sf-lug] Notification about ZombieLoad Attack vulnerabilities
aaronco36
aaronco36 at SDF.ORG
Wed May 15 08:44:47 PDT 2019
For those of you who aren't already aware of this, there was posted within
the last several days the discovery of more critical vulnerabilities in
Intel-based processors *besides* the previous infamous Meltdown, Spectre,
and Foreshadow vulnerabilities.
From the ZombieLoad Attack website [1]:
~~~~~~~~~~~~~~~ quoting ~~~~~~~~~~~~~~~~~~~~
Watch out! Your processor resurrects your private browsing-history and
other sensitive data.
After Meltdown, Spectre, and Foreshadow, we discovered more critical
vulnerabilities in modern processors. The ZombieLoad attack allows
stealing sensitive data and keys while the computer accesses them.
While programs normally only see their own data, a malicious program can
exploit the fill buffers to get hold of secrets currently processed by
other running programs. These secrets can be user-level secrets, such as
browser history, website content, user keys, and passwords, or
system-level secrets, such as disk encryption keys.
The attack does not only work on personal computers but can also be
exploited in the cloud.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Among other good sources of information about the ZombieLoad Attack
currently making the rounds, also see references [2] thru [6].
SJVN even mentioned yesterday in reference [7] how the ZombieLoad Attack
vulnerability can affect Linux systems.
-A
================================
References
================================
[1]https://zombieloadattack.com/
[2]https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
[3]https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/
[4]https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126
[5]https://www.reddit.com/r/linux/comments/booowk/zombieload_cross_privilegeboundary_data_leakage_a/
[6]https://9to5mac.com/2019/05/14/intel-zombieload-vulnerability-mac/
[7]https://www.zdnet.com/article/linux-vs-zombieload/
================================
aaronco36 at sdf.org