Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw


Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw

Intel’s made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?

Over the last two years, security researchers have dug up one technique after another that lets a hacker trick Intel’s microprocessors into spilling a computer’s deepest secrets. As those flaws have been exposed, chipmakers have scrambled to patch them. But for one serious form of those attacks it turns out that Intel still hasn’t successfully patched the underlying problem despite 18 months of warnings—and not one but two failed attempts to do so.

On Monday, Intel announced that it will issue yet another update to its processors designed to solve a problem it calls “microarchitectural data sampling,” or MDS. Different teams of researchers who independently discovered the issue call it RIDL or Zombieload, and warned Intel about the problem as early as June of 2018. The new update, which Intel says will be made available “in the coming weeks,” is intended to fix two methods to exploit Intel chips via MDS, which have remained possible even after Intel released MDS patches in May of 2019 and then again last November. Some of the researchers first warned Intel about the more serious of the two flaws that it’s trying to fix now in a paper shared with Intel fully a year ago. Other researchers even shared proof-of-concept code with the company last May.





Like it? Share with your friends!

What's Your Reaction?

Angry Angry
0
Angry
Confused Confused
0
Confused
Buffoon Buffoon
0
Buffoon
Cry Cry
0
Cry
Cute Cute
0
Cute
WOW WOW
0
WOW
Dislike Dislike
0
Dislike
Fail Fail
0
Fail
Geek Geek
0
Geek
Like Like
0
Like

Send this to a friend